AdminUI Downloads

• missing dependency when building using the NuGet package

- Added RequireEmail setting to the UsernamePolicy section

- Added token_exchange to the dropdown list of grant types

- Fixed toggle for cloning SAML client certificates

- Reset MFA success message corrected
- Encoding incorrectly overridden with Unicode in index.html static web file

- Reset MFA button fixed, no longer resets password, resets second factor

- Added get by username endpoint

- Vulnerability fix for Duende package
- Stopped using docker-compose alias

• Sliding expiration setting UI fix. Now a toggle to turn on and both absolute and sliding values are enabled when sliding is selected.
• Toast message spacing fixed, were too close together when multiple displayed
• OIDC Dynamic Auth client secret change modal fix, did not display when pencil was clicked

• The `Pomelo.EntityFrameworkCore.MySql` upgrade in 8.1.2 broke an older migration; it is now fixed, which means MySQL migrations can now be run on a clean DB server again
• Added documentation for migration timeout feature, which was added in AdminUI 6.6.0 but never documented
• Fixed error reporting order for user endpoints; unauthorised errors are reported before errors retrieving users
• Documentation updates for migrations and added migration timeout setting docs

• Updated DataProtection documentation to make configuration steps for KeyVault in the NuGet package clearer
• Fixed ReadOnly view of Protected Resources, it would only show the claim selected on a scope on the first scope it appears if selected for multiple scopes
• Removed reference to a vulnerable older version of bootstrap package
• Starter mode teaser page wording fixed
• Exporting clients bug fixed, causing the export to fail
• Added validation and checks for white space in client id
• Fixed bug causing -dbProvider argument to be ignored when using -migrate flag
• Angular frontend vulnerability fixes
• Installer signing updated and now released for this version
• Npgsql vulnerability fix

• PostgreSQL bug causing Client, Identity Resources, and Protected Resources updates to fail
• JQuery vunerability fix in AdminUI frontend

• Clients and Users Audit screen improvements. Adding a filter option that decides how to use resource ID to filter result sets. Options for getting audits where the Client or User is the subject or the resource of the audit record.
• AdminUI frontent upgraded to use Angular 17
• Upgraded Pomelo.EntityFrameworkCore.MySql 8.0.0-beta.2 -> 8.0.0
• Upgraded AutoMapper 12.0.1 -> 13.0.1
• Docker all-in-one image and adminui image now have linux/arm64 build

• Fixed issue where updated values were not modified when AdminUI made changes to Clients and Resources
• Policy config entry bootstrapping bug fixed causing policy entry to not be added if any entries exist in the ConfigurationEntries table
• Error toast when successfully deleting ClaimType changed to success
• Missing translations added for fields added in 8.0
• Correlation and Nonce cookie security policy explicitly set to SameAsRequest, default value seems to no longer be SameAsRequest in dotnet8

• Support for Duende IdentityServer v7.0
• Support for configuring client PAR settings in client edit screens
• Moving from dotnet6.0 to dotnet8.0
• Dynamic Authentication not configured screen if the configuration setting isn't set rather than defaulting to disabled.

• Angular frontend non-moderate vulnerability fixes
• Obsoleted ClientId and ClientSecret settings will now be the WebhookClientId and WebhookClientSecret settings.
• Updating the outdated client edit screen documentation
• Configuration docs indentation was inconsistent
• The webhook documentation link was broken
• Making the effects of the delete button in user page documentation clearer
• Making migration documentation more explicit for options that run multiple migrations, such as AdminUI, IdentityOnly, and IdentityServerOnly

Note - Using a beta version of 'Pomelo.EntityFrameworkCore.MySql' package will patch as soon as non-beta is available

- Reset MFA button fixed, no longer resets password
- Encoding incorrectly overridden with Unicode in index.html static web file

- Vulnerability fix for Duende package
- Stopped using docker-compose alias

• Sliding expiration setting UI fix. Now a toggle to turn on and both absolute and sliding values are enabled when sliding is selected.
• Toast message spacing fixed, were too close together when multiple displayed
• OIDC Dynamic Auth client secret change modal fix, did not display when pencil was clicked

• Fixed ReadOnly view of Protected Resources, it would only show claim selected on a scope on the first scope it appears if selected for multiple scopes
• Removed refrence to vunerable older version of bootstrap package
• Starter mode taser page wording fixed
• Exporting clients bug fixed causing the export to fail
• Added validation and checks for white space in client id
• Fixed bug causing -dbProvider argument to be ignore when using -migrate flag
• Installer signing updated an now released for this version

• PostgreSQL bug causing Client, Identity Resources, and Protected Resources updates to fail
• JQuery vunerability fix in AdminUI frontend

• Fixed issue where updated values were not modified when AdminUI made changes to Clients and Resources
• Policy config entry bootstrapping bug fixed causing policy entry to not be added if any entries exist in the ConfigurationEntries table
• Error toast when successfully deleting ClaimType changed to success

• Dynamic Authentication wizard's initial page type icon colours didn’t contrast well.
• Get claims from user endpoint setting in OIDC dynamic authentication advanced edit tab didn’t enable save all button
• The certificate password field was enabled even without a certificate selected.
• Native clients with code + PKCE flow lost all but one advanced settings tab if all grant types are removed
• The disable option for the Dynamic Authentication feature flag would cause an error on the AdminUI startup.
• An empty client-type display name would display a blank label in the user edit screen if marked as required, which now defaults to the name identifier of the claim type.
• Allowing inputting date and time filters on Audit and Session Management tabs, date times are used, but times were hidden in AdminUI.
• Responsive fixes to edit/view client screens so the menu is usable
• The AddUserPassword feature flag did not work
• Starter mode screen has some text updates to make the message clearer
• Removed validation to make ‘/federation’ path prefix required for SAML dynamic providers
• Dockerdemo download pointed to an older version of the IdS sample

• Migration tool errors now return non 0 exit codes
• Database connection leak fixed in GET user's lightweight
• Get user's lightweight failure is fixed when no states are selected
• Audit logging failure is fixed if multiple requests occur in quick succession
• Removed logging of dynamic auth schema validation, as it is not a user action

• Added support for the RSK Dynamic Auth component that is toggled through the feature flag
• Added ability to override '<base href="/">' in index.html of static content when running AdminUI from NuGet package

• Fixed consent token lifetime input, when infinity is selected, the value is set to null instead of 0
• Change default time comparison tolerance to 5 sec
• DPoP tabs only visible in clients capable of DPoP

NuGet Package Upgrades

• System.Security.Cryptography.* 7.0 => 8.0
• Microsoft.Extensions.Configuration.* 7.0 => 8.0

• Removed reference to an unreleased version of CustomIdentity package
• Removed deprecated AzureKeyVault package

• Full support for DPoP configuration
• AdminUI API can accept DPoP tokens
• Starter License changes, expired demo keys revert to Starter edition

• The user search bar now uses the ‘starts with’ expression instead of ‘contains’ when using MySql or PostgreSQL. This makes the query more efficient.
• Audit logging intermittent write failures
• Default user check no longer creates audits.
• Fixing API docs on screens, it exists to work when AdminUI isn't served on the root of the host
• The RegEx claim edit views now only show validation errors only after an interaction.

Dependency Upgrade
- Upgrading various Nuget package dependencies

• Pomelo.EntityFrameworkCore.MySql v7.0.0
• Microsoft.EntityFrameworkCore v7.0.13
• Microsoft.EntityFrameworkCore.Design v7.0.13
• Microsoft.EntityFrameworkCore.Sqlite v7.0.13
• Microsoft.EntityFrameworkCore.SqlServer v7.0.13
• Npgsql.EntityFrameworkCore.PostgreSQL v7.0.11
• Microsoft.EntityFrameworkCore.Relational v7.0.13
• Microsoft.EntityFrameworkCore.InMemory v7.0.13

• Claim Value Search bug fix - For some DBProviders, the claim value search function didn't work and didn't work if the claim value contained spaces. 
• Claim Duplication bug - was possible to duplicate claims on user updates and creation
• Dynamic Auth Audit logging bug - only "get all" action was being logged in audit logs
• Fully migrated all options to IAdminUISettings
• NuGet pkg upgrade to the latest possible

• Support for IdentityServer 6.3 schema changes

• Dropped support for IdentityServer4, use version 6.8.x for IDS 4 support

- Broken reset MFA button, initiates a password reset not an MFA reset
- Encoding incorrectly overridden with Unicode in index.html static web file
- Updating the following packages
    - Microsoft.Extensions.Configuration.Abstractions 8.0.0
    - Microsoft.Extensions.Configuration.Binder 8.0.2
    - System.Text.Json 8.0.4

• Fixed the UI for the sliding expiration setting. Now, there is a toggle to turn on, and both absolute and sliding values are enabled when sliding is selected.
• Fixed toast message spacing; it was too close together when multiple displayed
• Fixed OIDC Dynamic Authentication client secret; change modal did not display when the pencil was clicked

• Fixed ReadOnly view of Protected Resources, it would only show claim selected on a scope on the first scope it appears if selected for multiple scopes
• Removed refrence to vunerable older version of bootstrap package
• Exporting clients bug fixed causing the export to fail
• Added validation and checks for white space in client id
• Fixed bug causing -dbProvider argument to be ignored when using -migrate flag
• Installer signing updated an now released for this version

• PostgreSQL bug causing Client, Identity Resources, and Protected Resources updates to fail
• JQuery vunerability fix in AdminUI frontend

• Fixed issue where updated values were not modified when AdminUI made changes to Clients and Resources
• Policy config entry bootstrapping bug fixed causing policy entry to not be added if any entries exist in the ConfigurationEntries table
• Error toast when successfully deleting ClaimType changed to success

• Dynamic Authentication wizard's initial page type icon colours didn’t contrast well.
• Get claims from user endpoint setting in OIDC dynamic authentication advanced edit tab didn’t enable save all button
• The certificate password field was enabled even without a certificate selected.
• Native clients with code + PKCE flow lost all but one advanced settings tab if all grant types are removed
• The disable option for the Dynamic Authentication feature flag would cause an error on the AdminUI startup.
• An empty client-type display name would display a blank label in the user edit screen if marked as required, which now defaults to the name identifier of the claim type.
• Allowing inputting date and time filters on Audit and Session Management tabs, date times are used, but times were hidden in AdminUI.
• Responsive fixes to edit/view client screens so the menu is usable
• The AddUserPassword feature flag did not work

• Migration tool errors now return non 0 exit codes
• Database connection leak fixed in GET user's lightweight
• Get user's lightweight failure is fixed when no states are selected
• Audit logging failure is fixed if multiple requests occur in quick succession
• Removed logging of dynamic auth schema validation, as it is not a user action

• Added support for the RSK Dynamic Auth component that is toggled through the feature flag
• Added ability to override '<base href="/">' in index.html of static content when running AdminUI from NuGet package

• Fixed consent token lifetime input, when infinity is selected, the value is set to null instead of 0
• Change default time comparison tolerance to 5 sec

• The user search bar now uses the ‘starts with’ expression instead of ‘contains’ when using MySql or PostgreSQL. This makes the query more efficient.
• Audit logging intermittent write failures
• Default user check no longer creates audits.
• Fixing API docs on screens, it exists to work when AdminUI isn't served on the root of the host
• The RegEx claim edit views now only show validation errors only after an interaction.

Upgrading various Nuget packages dependencies

• Pomelo.EntityFrameworkCore.MySql v7.0.0
• Microsoft.EntityFrameworkCore v7.0.13
• Microsoft.EntityFrameworkCore.Design v7.0.13
• Microsoft.EntityFrameworkCore.Sqlite v7.0.13
• Microsoft.EntityFrameworkCore.SqlServer v7.0.13
• Npgsql.EntityFrameworkCore.PostgreSQL v7.0.11
• Microsoft.EntityFrameworkCore.Relational v7.0.13
• Microsoft.EntityFrameworkCore.InMemory v7.0.13

• Claim Value Search bug fix - For some DBProviders, the claim value search function didn't work and didn't work if the claim value contained spaces. 
• Claim Duplication bug - was possible to duplicate claims on user updates and creation
• Dynamic Auth Audit logging bug - only "get all" action was being logged in audit logs
• Fully migrated all options to IAdminUISettings
• NuGet pkg upgrade to the latest possible

• Dynamic Authentication support for SAML identity providers 
• Configure the AdminUI NuGet package, using service builder options, not relying on appsettings.json 
• Support to configure schema used in OperationalStore and ConfigurationStore in IdentityServer 

• The identity/Protected Resource claims picker is now sorted 
• Screen reader accessibility Improvements for wizards

• SQL Server support in docker broken in 6.7.3 
• User-specific server-side sessions requests failing with  PostgreSQL
• MySQL audit query failing in some scenarios

• Introduces app setting of "DisableBootstrap"  for running AdminUI in a redundant pair to prevent race conditions on running migrations
• When DisableBootstrap is true, run adminui with -bootstrap command line argument to initialise database post installation

• Fixes vulnerabilities in external packages

Update 26.05.23 - Removed installer download SKU. Fix for the installer (.exe) to be released as soon as possible.

• Fixed bootstrap bug meaning preventing secret update for AdminUI API resource
• Updated swagger documentation to align with API usage, especially around paginated requests
• Fixed User validation to prevent two users from having the same email address

• Use the configuration that exists in the web application builder in the NuGet package instead of creating our own. WARNING: This change unexpectedly introduced a possible breaking change; if you modify the environment after the WebApplicationBuilder is made, these changes will be ignored. They need to occur before the builder is created.
• Docker demo Nginx.conf fix to expand the header size of the IdS sample to correct an error that occurs when trying to utilise DynamicAuth.
• Added placeholder text for all search fields to make it more transparent how the query is applied and how
• Updated documentation screenshots to reflect the latest AdminUI
• Added custom database connection documentation to the documentation navigation sidebar
• Claim type regex failure message is now only visible when the claim value does not match the regex.
• Check if the user exists before attempting to add a new user to the SSOUserStore.
• Regex validation is now only available on string Claim Types.

• Shared scopes enabled means default scope is no longer created for protected resources.
• Custom Connection Factory for the NuGet package allows connection to databases where a simple connection string will not suffice.

• Boolean claim values entered via pull down now a toggle button
• Summary wizard long text overflow
• Docs licence key line for Nuget config

Custom Connection Factory allows NuGet package users more control over creating the DbConnection.

• Added support for managing OIDC Dynamic Authentication using the Duende Dynamic Auth Feature. (Duende Enterprise Customers only)

• Added documentation for Dynamic Authentication Providers

• Improved Documentation for Azure install options

• Improved clarity on display name label.
• Revised Spanish translation to be in keeping with the technical language used.

• Fixed Full Access Users unable to view reserved Clients, Identity Providers and Protected Resources.
• Fixed default user check on AdminUI bootup from using optional UserStore.

• 6.3.0+ introduced a performance degradation for fetching users, this has now been resolved
• Deploying to Azure resulted in "Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.Extensions.Logging.AzureAppServices, Version=6.0.11.0", issue now resolved

• Fixed a bug where user claims were being duplicated when an external login was removed
• Fixed a bug where the properties on a protected resource were being removed when updating the require resource indicator field
• Fixed a bug where Postgres users were getting an error when querying user sessions

• Fixed a bug where required claims with an enum claim type were being reset when navigating away from the user details page

Server Side Session Management

AdminUI can now manage users server-side sessions via the UI.

• You can view all sessions underneath the “Users” section in AdminUI.
• To see a user’s individual sessions, you can search by a users display name or Id. Alternatively we have included a new session management tab when editing a user.
• This feature is not enabled when targeting IdentityServer 4.
• If you are using Duende but want to disable this feature, you can set the EnableSessionManagement feature flag to false.

"FeatureFlags": {
....
   "EnableSessionManagement": false
....
}

Support for Large Enum Claim Types

6.5 comes with improvements for handling enum claim types with a large amount (> 50) of allowed values.

• Editing a claim type
  • When editing a claim type that has >50 allowed values there is no difference in behaviour unless the claim type has been set to reserved. In this case the UI will display a message detailing the amount of allowed values for that claim type.
• Editing claims on a user
  • When adding/editing a claim that has less than 50 allowed values on a user there are no behavioural changes.
  • If the claim that has greater than 50 allowed values the UI will show a search box instead of a drop down, prompting you for an allowewd value to find. This list will not display any values until there are less than 50 possible values available from your search.

Improvements

• Improved documentation around app configuration
  
• Improved documentation around migrations in the nuget package
  
• Clients list is now paginated
  
• LockoutEnd and LockoutEnabled are now displayed for users in the UI

• Duplicate scopes no longer displayed in the client creation wizard when the shared scopes feature is enabled
• Deleting a resource with shared scopes now correctly handles scope removal
• Fixed a bug where docker images were failing to run when connected to a SqlServer database using Kerboros authentication
• Fixed a bug where multiple pages of users would fail to load when looking at users in a given role

• Fixed a NullReferenceException in the GET endpoint of the Users controller that was caused when no query parameter was passed into the endpoint. 

• Shared Scopes
  • You can turn this feature on by setting the EnableSharedScopes flag under FeatureFlags to true in your relevant settings file 
  • The shared scopes feature allows you to share scopes across different Protected Resources rather than restricting them to a single resource
• Upgraded to Angular 14
• Moved from momentjs to Luxon, improving datetime support
  
  • All date and times are now displayed in UTC to avoid confusion. Previously some were local time and some where UTC
• Users can now navigate to a client via it's ClientId field in the Audit table if the ResourceIdentifier column in a client audit matches

Custom Identity

• IRoleStore - Renamed the FindUsersInRole method to FindUsersWithRoleStatus to clarify purpose of method.
  • This method now returns FindUsersWithRoleStatusResult which consists of a count of all users returned and a list of UserWithRoleStatus  which details the user and if they are in the role.
• IUserStore - Removed the  FindUsersWithFieldsAndOrdering Method.

• Required Claims now use Display Name
• Fixed audit dates not showing in 24hr clock

• Fixed Denial-of-Service vulnerability within the Swagger endpoint
• Fixed NullReferenceException on startup when setting the TargetIdentityServer4 flag to true
• Fixed installer bug where IIS site names were not being updated correctly on update
• Fixed installer bug where IIS site was not being removed on uninstall

NuGet Package

• You can now install AdminUI into your .NET applications using the Rsk.AdminUI NuGet package. 

Custom Identity Store

• When using AdminUI as a NuGet package you are now able to configure a Custom Identity Store for Users, Roles, and Claim Types. This will be beneficial for users who want to use AdminUI but are not using the default ASP.NET Identity schema.

Same Site

• AdminUI is no longer a separate UI and API site. When upgrading AdminUI through the installer, your UI and API sites will be merged into a single site. Your bindings will be merged too, so you shouldn't expect any downtime or post-update configuration. 

Enforcer

• Added support for the Enforcer Authorization Engine, allowing for fine-grained attribute-based authorization written in ALFA. 

For a more comprehensive overview of the 6.3 release, check out our release article

• Fixed an issue causing Postgres migrations to fail when schema checking occured even when a valid database was present
• Fixed an issue causing Postgres migrations to fail when migration history was being inserted using the -takeControl flag

• Added database level support for Duende 6.1 features. Running the all migration or the configuration and operational migrations individually will update you to the latest Duende schema.

• This will also fix the issue: Invalid column name 'CoordinatelifetimeWithUserSession`.

• Added 2 new optional config values for AdminUI when using Azure for IdentityServer configuration, the must be included in both UI and API config and match.
  
  • AdminUICustomScopeName - The scope that will protect the API of AdminUI - defaults to admin_api
  • AdminUIProfileCustomScopeName - The IdentityResource name that provides user claims for AdminUI. Defaults to admin_ui_profile

• Fixed a bug where bookmarked links would not redirect correctly after login.

• Improved logic around stale access tokens - users will now be redirected to a login page in cases where a token was deleted or expired

• Fixed a bug where AdminUI was showing timezone dependent Audits. These are now displayed as UTC timezones and are labelled as such

• Updated logic around assigning users in the User Roles section to allow Enforcer users to utilise more fine grained access

• Fixed an issue with automated client creation in the webhook configuration area causing webhooks to fail

• Introduced a new advanced search feature for the users section. You can now search for users by claim values.
• Added support for annual licensing, and expiry information in the UI.

• Fixed a bug where client secrets created on import were being hashed twice.
• Fixed a bug where cloning a cloned client wouldn’t work before page refresh.

• Fixed an installer bug where valid licenses were not being accepted. If you tried a 6.1.0 installer and failed to install or upgrade please use this download.
• Fix a bug where there API dockerfiles were pointing to the wrong location

• Added support for SAML Artifact Binding. When creating or editing a SAML Service Provider, you are now able to choose the HTTP-Artifact Binding Type for your ACS and SLO Endpoints, as well as configure ARS Endpoints. You can also configure the signing behaviour of ARS endpoints in the Advanced section when editing your SAML client. 
• The AdminUI ClientID can now be made configurable using the AdminUIClientId field in your API configuration. You may need to utilise this functionality within AzureAD, where ClientID's are often GUID's generated by Azure. We recommend you only use this functionality when facing these environment-based issues. 
• Added the ability to create native clients with the Authorization Code + PKCE grant type via the client creation wizard.
• AdminUI will now return an error message if, when searching in the Users area, an error is thrown relating to missing/incorrectly named stored procedures.
• Updated documentation surrounding Access Policies.
• Experimental: Added support for the Enforcer Attribute-Based Access Control Engine. This will enable you to have finer grain control of AdminUI permissions, e.g. restricting access to certain roles or clients. Please contact [email protected] for more information.

• Fixed issue with migration tooling that caused migrations to fail if an invalid DbProvider existed in API configuration but a valid provider was passed in using the -dbProvider CLI argument.
• Fixed API and IdentityServer Healthcheck messages being logged at the wrong level.
• Fixed issue with URL-style scope names (e.g. api://someurl/accounts.read) causing errors when updating from within the protected resource claims tab. 

• Fixed an installer bug where valid licenses were not being accepted. If you tried a 6.0.X installer and failed to install or upgrade please use this download.

• Fixed a bug where PostgreSql SAML migrations were failing. This will fix the error stating that "Migrating from serial to identity is not supported."

• Fixed a bug in client export where "CibaLifetime" and "PollingInterval" were not being exported
• Fixed UI bug in client export secrets section

•  Duende IdentityServer v6 Support: Added the ability to choose the new CIBA grant type when creating a machine client. Selecting the CIBA grant type will allow you to specify the CIBA Lifetime and Polling Interval values in a new dedicated CIBA Configuration tab when editing a client.
• AdminUI now targets .NET 6
• Added 'DisplayName' field to Claim Types. When creating a Claim Type, you will now be able to define a friendly name for it. This name will be used within
• AdminUI when available. When it is not available, AdminUI will display the regular Claim Type name.
• Updated the User Registration Webhook to send across the newly created user's SubjectId
• Removed dependency on Azure Container Registry in Docker Demo
• AdminUI now supports the latest SAML schema

Notice: If you are using MySql as a database provider, there is a possibility for users to run into a data truncation error when performing the migrations for AdminUI v6 if they have either a RedirectUri or a PostLogoutRedirectUri that is longer than 400 characters. This is due to a change made by the Duende team to reduce the column length for these fields in order to stop index creation errors in MySql.

• Reduced BFF cookie size
• PostgreSQL fix  

• The ability to clone an existing client
• Two new client secret types (RFC 7523 & mTLS)
• No more tokens in the browser
• New installer
• Client settings have been simplified
• User Search improvements (first name + last name)
• Changes to using Docker

Read the release notes here

• Fixed SAML migrations failing when using PostgreSQL

• Updated csp rules to fix Audit and Export file downloads failing in Chrome

• New Wizard type for creating web application clients using PKCE
• Improved UI Consistency during import of client configuration

• AdminUI 3.0 no longer supports: Internet Explorer 11 (IE11) and SQL Server 2008
• AdminUI now runs on .Net Core 3.1

• Fixed inconsistent UI inside the Import wizard.

• Import and Export your client configuration (in-depth details in the documentation)
• Redesigned splash, loading and home page alongside a new login animation
• Improved /swagger endpoint metadata, with response codes and object models.

Read the release notes here

• Fixed CORS parsing in SPA wizards for templated URL

• Fixed a bug with Password Reset Webhook button not functioning as intended when in non-demo use. 

• New Role User Management feature providing a faster and more efficient method to add and remove multiple users from a role
• Refreshed landing page text & layout
• Added SQL guidance link to the installer
• User code generator type now defaults to a null value
• Modals no longer close when you click off them
• User page now refreshes when filtering
• AdminUI set password will be always be set to true when using a demo license key
• Clearer error messaging for configuration validation on startup

• Fixed bug where AdminUI installer would crash on first-time setup

• PKCE Spa client wizard and configuration
• WS-Federation Rely Party wizard and configuration. Docs
• SAML Service provider wizard and configuration. Docs
• New installer with optional IdentityServer4 quickstart example. Docs
• Upgraded AdminUI’s authorization flow with PKCE
• Documentation is now bundled with the Application to enable offline use
• New migration methods within AdminUI view here
• Improved accessibility support
• UI improvements:
  • Implementation of a sticky content header bar
  • New Client Wizard start screen, with new descriptions and summaries
  • Implementation of consistent UI and UX patterns and content

• Fixed Silent refresh causing unauthorized callback
• Fixed login redirect causing 404 when running on a virtual path
• Added missing translations
• Fixed Password reset button disappearing upon refresh

Please be aware that this version changes how database migrations are performed in AdminUI, offering a simpler, more secure approach going forward. You can read more about this in our documentation. 

• Added the option to add a different connection string for the persisted grants DbContext by adding the field "OperationalConnectionString" to the API web.config. If OperationalConnectionString isn't added, the behaviour will remain unchanged
• Enabled logging configuration to allow users to change the log level and the logging template. Click here for the documentation for further details on using LoggingMinimumLevel and LoggingOutputTemplate.

• Added .NetFramework 4.7 as a requirement to the installer, fixes issues with the installer crashing on operating systems less than 4.7.x
• Fixed issue with legacy SqlServer user paging.

• Sensitive data leakage in Audit records when combined with the un-recommended AdminUI password reset feature

• Uses IdentityServer database connection string for Audit if no explicit audit database connection string defined universally

• Full system audit, IdentityServer and AdminUI audit events in one place
• Audit views for users and clients
• Hyperlinks from audit records to users and clients
• Permission to access audit records
• Filter audit records by Source, Subject, Action, Resource and Outcome
• Bookmarkable audit queries
• CSV export of audit records
• Compatible with our free audit library available on Nuget ( RSK.Audit.EF )
• Improved usability on client wizard splash screen
• Device Flow client wizard
• Advanced Device Flow configuration page
• Improved accessibility (Thanks to Sean Farrow for his help!)

• Fix compatibility issues with .Net Core hosting bundle
• Corrected typos
• Fixed hard refresh on certain pages
• Improved load times by upgrading to Angular 6
• Fixed missing translations
• Minor UI and UX tweaks

• Fixed issue with deleting the wrong client secret
• Add User Password not being interpreted correctly in docker

• Configurable AdminUI administrator permissions, managed within AdminUI
  
• Added UI for managing user external login data
  
• Landing page redesign, including an RSS feed to stay up to date with the latest AdminUI news
  
• Added internationalization for Spanish & French based on browser culture
  
• Updated licensing functionality to show license type within UI screens

• Added error message when creating API scopes with duplicate names
• Added error handling for client applications with duplicate display names
• Fixed redirect after deleting an identity resource
• Fixed an issue where Boolean values were being submitted using browser language
• Fixed ability to add multiple scopes one after another
• Improved regex check when adding claims
• Fixed client display when non-OpenID Connect client applications are manually added to the database
• Fixed reported missing translations
• Fixed issues on the user settings endpoint And a whole host of other minor UI and UX tweaks!

• Replaced CDN usage with locally-hosted libraries. 
• Adding multiple protected resources and scopes no longer retain data across creation screens
• Added missing translations
• Improved resiliency of silent refresh

• Fixed an issue where only the top protected resource scope could be edited
• Client creation now correctly uses scopes instead of resources
• Fixed UserSettings endpoints erroring when a user had missing required claims

• Multi-Language Support: English, German, Chinese (Taiwan), and Chinese (Simplified)
• Improved Support for IE11
• Soft deletion now scrubs user credentials from the database
• Default user & password policy settings can now be modified New overloads to IdentityExpressDbContext to improve extensibility
• Now includes support for setting client claims prefix value

• Re-enabled support for SQL Server 2008
• Improved performance for role searching
• Fixed a typo in the Postgres database provider
• Fixed labels on Client:Advanced:Tokens
• Fixed always send claims checkbox never updating
• Fixed issue with 2.0 not running on a path

• The first version to support IdentityServer4 v2.x