Skip to content

@idrop idrop released this Feb 24, 2021

View Diff

  • Removed processing of assertions received from EU Member States. The configuration parameter europeanIdentity, if present, and child elements must be removed in order for the VSP to start.

Zip file should have the following checksum:

$ shasum -a 256 /tmp/
6db309bfc34a006ab853cf15fc91df2c533fd6cc58f3bbdbfd8f62a5cf8b0ae4  /tmp/

Assets 3

@Wynndow Wynndow released this Sep 29, 2020

View Diff

Update truststores with new CAs

The production truststores now contain the new G3 CAs. The test truststores include the new test G3 CAs as well as the long lived dev-pki CAs.

Allow empty truststore configuration

It's now possible to have an empty truststore section in the config template if the environment is provided. Previously the app would fail to initialise even if valid config was provided with environment set but empty truststore section.

Updated Compliance Tool's URL address

The Compliance Tool has started using the new URL address instead of the old URL address This is to ensure that Verify Service Provider can continue to access the Compliance Tool.

Zip file should have the following checksum:

$ shasum -a 256 /tmp/
02c35bf6c6bcd985431301ca032e289fb1124020ca2ab7cff9adc6f8460ed4f2  /tmp/

Assets 3

@Wynndow Wynndow released this Oct 22, 2019

View Diff

Accept identities from more European countries

The eIDAS specification does not require assertions to be signed, whereas the Verify specification does. This release adds the ability to for the VSP to accept these unsigned assertions in a secure manner.

This is achieved by validating the signature of the original eIDAS SAML Response from the country which is now passed through to the VSP. Signed eIDAS and Verify assertions are still verified as before.

Configuration Changes

  • Configuration parameter hubConnectorEntityId in the europeanIdentity section is now optional and can be removed from the configuration file.
  • Configuration parameters europeanIdentity and msaMetadata are now mutually exclusive. The VSP's eIDAS support is only available when it operates without an MSA.

Zip file should have the following checksum:

$ shasum -a 256 /tmp/
826f83fea88f097738cb6bae318ce8767c630e06bd13424f868a4d89f2459a58  /tmp/

Assets 3

@jakubmiarka jakubmiarka released this Mar 5, 2019

View Diff

Connect to GOV.UK Verify using only the VSP

This release adds the ability to connect to GOV.UK Verify using only the Verify Service Provider (VSP). This means services can connect without needing to host a Matching Service Adapter (MSA). If needed, services can then implement matching independently from their connection to GOV.UK Verify.

Using only the VSP makes it easier to connect to GOV.UK Verify and reduces maintenance tasks once connected.

When used alone, the VSP provides the required MSA functionality. It will:

  • implement security features to the same level as the MSA
  • handle both GOV.UK Verify and European identities
  • do Personal Identifier (PID) hashing

If you are already connected to GOV.UK Verify and are running an MSA, you can upgrade to VSP 2.0.0 without needing to do any configuration changes.

If you want to switch off your Matching Service Adapter and only use the Verify Service Provider to connect to GOV.UK Verify, contact the GOV.UK Verify Team.

Improved command line interface

You can use the VSP's new development command when setting up your own client for the VSP.
Find out more about the development command and its options.

Updated technical documentation

We published updated technical documentation on setting up the VSP.

Follow the step-by-step guides in the 'Get started' section to make sure your service correctly uses the VSP to handle:

If your service needs to match user information from GOV.UK Verify with data you already hold, there is guidance on what you should consider when setting up matching.

Metadata health check changes

Changed metadata health check names to use the URI of the metadata they are trying to resolve. For example, the healthcheck title that used to be hubMetadata is now If you are using a Matching Service Adapter, the healthcheck title msaMetadata becomes your metadata URI, for example https://msa.govservice.internal.

Dropwizard version

This release uses Dropwizard 1.3.9.

Zip file should have the following checksum:

$ shasum -a 256 /tmp/
9c4e10fb28de1a8422824b8f5900ca7c763025e1ead81a27d8dc67d7fefa7717  /tmp/

Assets 3

@SKeerthana SKeerthana released this Dec 6, 2017

View Diff

  • Change trust store configuration schema to match MSA
  • Make the banner that prints on startup less wide

Configuration Changes:

  • If using a custom file-based trust store configuration, replace:
- trustStorePath: /path/to/file
- trustStorePassword: foobar

+ trustStore:
+   path: /path/to/file
+   password: foobar

Zip file should have the following checksum:

$ shasum -a 256

Assets 3

@richardTowers richardTowers released this Nov 9, 2017

  • Add support for the Address History user account creation attribute
  • Add ENVIRONMENT configuration option to replace hubSsoLocation and metadataUrl.
  • Send version number to hub
  • Support multitenancy
  • Improve documentation
  • Improve healthcheck logging

Configuration Changes:

When using environment variables:

  • Replace SERVICE_ENTITY_ID with SERVICE_ENTITY_IDS, which is a JSON string array containing the entity id of the service (or services) using the Verify Service Provider (e.g. '["http://entity-id"]')
  • Add VERIFY_ENVIRONMENT, specifying the environment of the Verify Hub to run against. Valid values are PRODUCTION, INTEGRATION, or COMPLIANCE_TOOL.

When using a yaml file:

  • Replace serviceEntityId with serviceEntityIds, which is a list containing the entity id (or ids) as above
  • Remove hubSsoLocation and verifyHubMetadata
  • Add verifyHubConfiguration as below. This will contain an environment option specifying which hub environment to use, removing the need to specify the hubSsoLocation or metadata url.

Zip file should have the following checksum:

$ shasum -a 256

Assets 3

@richardTowers richardTowers released this Oct 5, 2017

Fixes a bug with expected names and date formats in user account creation attributes.

Zip file should have the following checksum:

$ shasum -a 256
Assets 3
Sep 11, 2017
Release 0.2.0-73
Release candidate for DBS and external penetration testers.
Jul 20, 2017
TT-825: Rename test paas scripts as dev-deployment
We will use the deployed application for development purposes, hence the
name "dev" for this environment.

Also remove build_and_push as it is no longer used

Authors: @tunylund @georgievh @sgreensmith