This document summarizes known issues and workaround where available.

• Issue #96633: Tenant upgrade/import/export/reconfiguration using the Configurator returns an error when the tenant uses a signing certificate in Windows Certificate store and its public key is not imported to LocalMachine\TrustedPeople.

  • Workaround: Import the public key of the signing certificate to LocalMachine\TrustedPeople.

• Issue #96238: Unique domain check is not done on the Domain-based filter for Home Realm Discovery setting of an Identity provider. When two Identity providers have that setting set to the same domain, the Domain-based filter HRD rule fails to work properly.

  • Workaround: Do not set the same domain to the Domain-based filter for Home Realm Discovery setting of more than one Identity providers.

• Issue #96466: User is asked to re-enter his or her user name or email on the Domain-based HRD's page when the input value contains spaces.

  • Workaround: Customize the Domain-based HRD view to trim all spaces at the start and end of the input value before submitting the value.

• Issue #91982: Open the Settings/System tab, set an invalid email to the Email claim type setting which triggers an error on saving. Even though you correct the Email claim type setting after that, saving System settings still shows a strange error.

  • Workaround: Refresh the Setting page when you encounter a validation error message on this page.

• Issue #96130: After entering an OTP sent via email or SMS wrong many times, users are redirected to an error page without any option to restart the login or getting a new code.

  • Workaround: Users can close and start another login attempt. There can be another workaround that needs a quick change to the OTP error view, but we need to test it thoroughly first.

• Issue #92537: Cannot update resources, e.g. claim transformation, using the Admin interface when their names contain special characters.

  • Workaround: Ensure the resource name does not contain special characters when you create a new resource. You can call REST APIs to update content of existing resources.

• Issue #93450: Cannot import Identity providers or Applications to Identify when their certificates are expired.

  • Workaround: Open the schema_AuthenticationConnections.json and schema_ProtocolConnections.json files (or any JSON files that contain connection data to import) and update the "isSelfSigned": false attribute to "isSelfSigned": true. Remember to save your changes before you start the import action.

• Issue #92373: [LinkedIn] Users encounter The application is disabled message when using the LinkedIn provider.

  • Workaround: N/A. LinkedIn has updated their login API. We will issue a fix in the next version.