Skip to content

Release Notes 4.7.1

Overview

This document outlines the updates, improvements, and fixes introduced between versions 4.6.0 (released on Feb 03 2025) and 4.7.1 (released on Mar 03 2025) of the Excalibur v4 software.

New Features

Excalibur as a SAML Identity Provider support

  • A new section has been added to the left menu. This section includes Service Providers, Service Provider Groups, and the Identity Provider section.
  • The Identity Provider section provides metadata required for service provider configuration. There are three ways to obtain Excalibur IdentityProvider metadata: via URL, using the Copy button, or downloading it directly.

image

Figure 1. Excalibur Identity Provider Metadata

  • On the initial visit, the metadata will not be available because no signing certificate has been generated yet. Users can quickly generate a signing certificate using the deployment CA, with default values prefilled for expiration time and RSA key length. Alternatively, users can upload their own custom certificate and private key.

image

Figure 2. Create Signing Certificate

  • Users can also renew the signing certificate. In this case, a warning dialog appears, notifying the user about possible risks.

image

Figure 3. Renew Signing Certificate

  • The Service Providers section lists all connected third-party applications in a paginated table.
  • Users can create or update a service provider by either providing the metadata URL or uploading the metadata as XML, either directly through a text area or via file upload.

image

Figure 4. Service Provider list

  • The Service Provider Groups section allows users to organize service providers into groups, which can be used later in security policies.

image

Figure 5. Edit Service Provider Groups

Authentication using passkeys

  • Users can now create and log in using a Passkey. Each user can have only one Passkey, and it’s tied to the user, not the tenant — meaning the same Passkey works across all tenants where the user is registered. Users, including admins, can only see and manage their own Passkey, with options to edit or delete it.
  • A new Authenticator table was added to the database to support this. Passkeys and tokens are now retrieved by authenticatorID instead of by ID, which impacts how tokens, actions, multi-user handling, and tenant management work.

image

Figure 6. Passkey settings

Mobile Application

  • Support Huawei App Gallery

Usability Improvements

Reworked Geofences UI

  • This work item introduces a new dedicated page for creating and editing Geofences. The main changes include a Create/Edit Geofence page, where users can create new geofences or modify existing ones.
  • The form includes general information fields like Name, Latitude, Longitude, and Radius, along with a Geofence Groups autocomplete field that allows assigning multiple groups to a single geofence. A Places Autocomplete field lets users search for a specific location — when a place is selected, the geofence parameters (coordinates and name) are automatically filled based on the selected location.
  • A Display All Geofences switch has also been added, letting users toggle between showing or hiding all accessible geofences on the map.
  • If a geofence or geofence group linked to a Security Policy is edited, a warning dialog appears, informing the user about the potential security impact. The user must confirm this dialog to proceed with saving changes.

image

Figure 7. Create Geofence

image

Figure 8. Edit Geofence

image

Figure 9. Display All Geofences switch

Added “Created By” column to invitations

image

Figure 10. Invitations with Created By column

Added "Remaining attempts" to the registration

image

Figure 11. User Registration with Remaining Attempts

…and more minor fixes and improvements