Upgrading from 10.1.X to 10.2.0

SCIM Delegations endpoint

SCIM Delegations endpoint now returns custom data added to a delegation using a token procedure. In case sensitive data is added to the delegation, that data will also be included in the new attribute, customData, and hence it is advisable to configure an attributes authorization manager.

Authentication level

To improve authentication back-navigation behavior and user experience, a new path segment is sometimes added after the authentication endpoint path, in the position typically used for the authenticator name or for the _action constant. As a consequence, there can be a collision between this new path segment and an authenticator name. The added path segment starts with a tilde (~) and is followed exactly by a lowercase char and then by two more random alphanumeric chars (e.g. ~bA5, ~c2x, ~def). In case there is an authenticator with a name following this pattern, then the authenticator name needs to be changed to avoid the name collision.

Note that creating authenticator names that start with a tilde (~) was already not possible via the Admin Web UI, however it is possible via XML upload, idsh, or the RESTCONF API.