November 2023

This document provides information about Ascertia ADSS Server. Browse through the following topics to find out about new features, product enhancements, improvement, known issues, and limitations for this release.


For information related to tested 3rd party components such as operating systems, database servers, and Hardware Security Modules, please review Ascertia Platform Support, this can be found here: https://www.ascertia.com/product-documentation/platform-support/


Ascertia ADSS Server has successfully completed Common Criteria certification at the EAL4+ Assurance Level. For details, visit https://www.commoncriteriaportal.org/products/index.cfm, under Key Management Systems.


New Features

  • ADSS Server Unity Console new features:

The Ascertia Unity in ADSS Server 8.3.1 introduces new modules such as RAS Service and SAM Service, with plans for updating additional services in forthcoming releases. Operators can seamlessly switch between the ADSS Server Classic console and Unity console with a simple click.


  • Support to achieve document confidentiality in ADSS Verification Gateway

Jira ID – (ADSS-19291)

The Verification Gateway has been enhanced to achieve document confidentiality. Verification Gateway will not send the whole document to backend Verification Service, instead the verification gateway extracts the signature and hash and sends to the verification server for signature verification and/or enhancement across all supported Signature Types (PAdES, CAdES, and XAdES).

Verification Service within the ADSS Server Client SDK now possesses the capability to generate and verify timestamp tokens for provided hash or timestamp tokens, introducing a new signature format called Timestamp.


  • Support for OpenJDK 17 in ADSS Server

Jira ID – (ADSS- 14869)

The ADSS Server has been upgraded and enhanced to operate on OpenJDK version 17.44+15.


  • Support for Import Signature Appearance

Jira ID – (ADSS- 17424)

Introduced a new feature has been introduced to streamline the importing of exported files into the PDF Signature Appearances list. This enhancement includes the integration of an "Import" button within the PDF Signature Appearances section, facilitating the management of signature appearances within PDF documents.


  • Support to install Go>Sign Service in preferred directory

Jira ID – (ADSS-15172)

The introduction of a new feature in the Go>Sign Desktop installation process now grants users the flexibility to select their preferred directory, enhancing alignment with individual requirements during installation.


  • Support to provide an option CUSTOM_DATE in SAM Profile

Jira ID – (ADSS- 19286)

The ADSS Server has been enhanced to incorporate a custom date setting option within the SAM Profile specifically for SAD expiry. Administrators now have the capability to select "CUSTOM_DATE" from the drop-down menu and subsequently input a precise date utilizing the provided date-picker interface.


  • Support of external authorization servers (IdPs) for service authorization in ADSS RAS Server

Jira ID – (ADSS- 17261)

The ADSS RAS server has been enhanced to support external authorization servers (IdPs) for service authorization through the utilization of SAML or OpenID Connect.


Product Enhancements

  • Enhanced ability to disable "Compute final hash at signing time" option when use padding scheme PSS

Jira ID – (ADSS-17762)

The ADSS SAM Service console has been enhanced to support the disabling of the "compute hash at signing time" checkbox when the PSS padding scheme is selected. This modification enables the ADSS SAM Service to accept the both Hash and signAlgoParam parameter as a result of this change.


  • Enhanced OpenID Connect User Identification in RAS/SAM via Custom Attributes

Jira ID – (ADSS-19387)

The ADSS RAS/SAM service has been enhanced to enable user identification through custom attributes within assertion data when utilizing an OpenID Connect IdP for external remote authorization.


  • Enhanced RAS/SAM with separate Authorization Request expiry and SAD Request expiry

Jira ID – (ADSS-18888)

The ADSS RAS/SAM Service has been updated to offer distinct settings for SAD expiry and authorization request expiry, facilitating the management of expired authorization requests separately.


  • Enhanced support of JSON-Based SAD for RAS/SAM Authorization

Jira ID – (ADSS- 19288)

The ADSS RAS/SAM Service has been upgraded to accommodate JSON-based SAD for credentials authorization in RAS/SAM services, introducing a new property named "SAD_FORMAT" within the Global Settings > Advanced Settings under the SAM Tab. This property allows the selection between two values, JSON or XML, for SAD formatting.


  • Enhanced ADSS TSA Server to specify the list of supported Hash Algorithms

Jira ID – (ADSS- 13861)

This enhancement empowers the TSA service with the capability to specify and add a list of supported hash algorithms.


  • Enhancement of storage of data-to-be-displayed distinct from the SAD

Jira ID – (ADSS- 19289)

The ADSS Server now facilitates the separate storage of data-to-be-displayed distinct from the (SAD). This not only reduces the size of the SAD but also significantly enhances performance.


  • Enhanced validation checks for Certificate generation

Jira ID – (ADSS- 17505/ ADSS- 17504)

Enhanced validation checks for reserved IP Address and Internal Name according to WebTrust and CA/B Forum guidelines in certificate generation for SSL and EV-SSL certificates.


  • Enhanced the functionality of private key retrieving from Thales HSM for ADSS SAM Service

Jira ID – (ADSS- 19431)

The ADSS Server has been upgraded to exclusively provide a private handle for retrieving the private key from the HSM, eliminating the necessity for the public key handle. This will improve the performance of utilization of key handling.


  • Enhanced the functionality to list down all the pending requests

Jira ID – (ADSS- 18887)

In this enhancement, we have included the capability to retrieve and display a list of all pending requests for a user.


Known Issues

 

List of known issues and workarounds if available.


https://www.ascertia.com/product-documentation/adss-server/



Technical Support

 

If Technical Support is required, Ascertia has a dedicated support team. Ascertia Support can be reached/accessed in the following ways:


Support Details

Website

https://www.ascertia.com

Email

support@ascertia.com

Knowledge Base

https://www.ascertia.com/products/knowledge-base/adss-server/

FAQs

https://ascertia.force.com/partners/login


In addition to the free support services detailed above, Ascertia provides formal support agreements with all product sales. Please contact sales@ascertia.com for more details.


When sending support queries to Ascertia Support team send ADSS Trust Monitor logs. Use the Ascertia’s trace log export utility to collect logs for last two days or from the date the problem arose. It will help the support team to diagnose the issue faster. Follow the instructions on how to run the trace log export utility.