Skip to main content

Hotfixes

Latest release version: 19.07.01

The following lists hotfixes for the Identity Platform release 19.07 and later.

[ 19.07.01 hotfixes ] [ 19.07 hotfixes ]

19.07.01 hotfixes

Release No.

Release Date

Ref ID

Description

19.07.01-38

15-Mar-2023

EE-2684

Passcode App Update – Supports the ability to register on more than one computer.

This requires an updated version of Passcode for Windows or Passcode for Mac.

EE-2702

Email Template Save Issue – Addressed issue with updating and saving the OTP Email Template on the Overview tab in full cloud instances.

EE-2967

API Update – Update compatibility between newer Identity Platform enrollment data and existing APIs.

EE-3074

SAML Post Issue – Added logic to support SAML Post workflow redirects through adaptive auth (group restriction).

EE-3098

LDAP Authentication Improvement – Added logic to make LDAP authentication over SSL/TLS more secure.

19.07.01-37

23-Aug-2022

EE-2828

OIDC Issue – Added logic to better handle the post logout redirect URI.

19.07.01-36

04-Aug-2022

EE-2559

Proof Key for Code Exchange (PKCE) Improvement – Improve PKCE support to revoke access tokens without a client secret.

EE-2592

QR Enrollment Page Improvement – Added new help text for end users on the QR enrollment page.

EE-2750

Enhanced SAML Consumer – Added the ability to integrate the Identity Platform as a SAML SP with Arculix or any third-party IdP.

For information about setting up the Identity Platform and Arculix integration, see SecureAuth IdP and Arculix integration.

EE-2777

Air-Gapped QR Code Support – Added support for QR enrollments for time-based one-time passcodes (TOTP) in an air-gapped environment.

EE-2855

Digital Fingerprint (DPF) in 2019 Theme Issue – Addressed issue with browser device fingerprint sometimes not pushing out MFA.

19.07.01-35

05-Apr-2022

EE-2476

RBAC Configuration Issue – Addressed an issue with saving configuration changes to the role-based access control (RBAC) on the UI.

EE-2560

Adaptive Auth Redirect Issue – Addressed issue with signature validation in SP-init redirect to a different realm.

EE-2598

AppPool Performance Improvement – Improve AppPool performance with Identity Platform call to SecureAuth cloud services.

EE-2604

Country Code Lookup Issue – Addressed issue with the default country code issue on the Classic Multi-Factor Methods tab.

EE-2607

Audit Log Update – Update in the Auth API to mask knowledge-based answers (KBA) in the Audit logs.

EE-2638

Digital Fingerprint Issue – Addressed issue with user agent string picking up identical digital fingerprint settings in Google Chrome and Microsoft Edge.

After applying the hotfix, this issue can still occur for a specific configuration. See this KB article for a workaround: Workaround for digital fingerprint hotfix

19.07.01-34

10-Jan-2022

EE-2043

Custom Token Value Support – New option to Base64 encode the custom token value.

EE-2181

Webservice Profile Lookup Issue – Addressed issue causing removal of profile data. The following describes this issue in more detail.

A rare scenario occurs in the web service when the lookup for a user's membership succeeds, and in the same request, the profile lookup times out. The user does not receive an error and it allows the user to proceed in the login workflow.

If the login workflow included a multi-factor method (MFA), a different error message would display, related to not finding any MFA in the user's profile.

If the login workflow is only username and password, then the login would succeed and save an empty profile for the user. This issue clears all writable values in the user profile.

This issue first occurred after a previous hotfix (EE-2253) to reduce the web service timeout to a reasonable value (5 seconds).

Web service timeouts usually occur when the login to a realm has been idle for too long and suspends itself.

The hotfix prevents the user profile from clearing out by not allowing the user to continue in the current login request during a timeout. If the timeout is due to an idle realm, the second attempt normally succeeds and the user can continue the login workflow.

EE-2344

Azure AD Password Reset Support – Added inline support for password reset of Azure AD synced users.

EE-2438

JSON Web Token Support – Added support for iat (issued at) attribute.

EE-2443

Adaptive Group Check Issue – Addressed issue to ensure that the adaptive group check is correctly performed after an invalid password attempt.

EE-2465

Proof Key for Code Exchange (PKCE) Improvement – Improve PKCE support to allow Refresh Token use without the client_secret.

EE-2469

SQL Database Log Improvement – Improve null handling for SQL database logs.

EE-2475

2019 Theme Issue – Addressed display issue in 2019 Theme for the OIDCEndSession.aspx page.

19.07.01-33

18-Oct-2021

EE-2121

Mobile Authentication – Fixed issue where an extra comma was incorrectly added to a payload file.

EE-2248

Email Template Support – Reinstate support to customize email templates in the Identity Platform for cloud deployments.

EE-2261

OIDC Issue – Added logic to better handle double logins in use cases where the user clicks Submit, and presses Enter.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-2331

2019 Theme Issue – Reinstate support in the Classic Experience Web Admin for the URL links to Forgot Username, Forgot Password, and Restart Login pages for the 2019 Theme.

EE-2345

Web Admin UI Issue – Addressed issue with the Test Connection button on the Data tab.

EE-2351

This is an update to the following issue reported under EE-2120 in hotfix 19.07.07-32.

OIDC Issue – Added logic to better handle login prompts.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

19.07.01-32

30-Jul-2021

EE-1652

Password Throttling API Response Message – Added additional clarification to password throttling AP response message.

EE-1663

Device Fingerprint Optimization – Device fingerprint profile (DFP) optimized when realm is configured in Private Mode only.

EE-1814

SAML OneTimeUse Condition Support – Added support for the SAML OneTimeUse condition.

EE-1825

QR Enrollment Issue – Addressed issue when using an email address during login to the QR enrollment page. 

Install this hotfix you have:

  • Multi-Factor App Enrollment – QR Code realm

EE-1969

SAML Assertion Update – Added support for FriendlyName user attribute.

To use the FriendlyName user attribute, it requires the following application setting in the web.config:

<add key=“ExtendedSAMLAttrXXFriendlyName” value=“YourFriendlyName” />

Where XX is a number between 1-10 associated with the attribute.

For Identity Platform cloud deployments, contact Support to update your web.config.

EE-2077

IPv6 Address Handling Improvement – Enhanced ability to better manage IPv6 addresses.

EE-2092

Added New Response Times to Audit Logs – Addressed issue to include OTP response times in audit logs.

EE-2106

Default MFA Delivery Options Improvement – Added logic so that the first MFA option on the list is always selected by default.

EE-2116

OpenID Connect Scopes Issue – Resolved an issue with OpenID scope values not rendering correctly for OIDC Authorizations.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-2120

OIDC Issue – Added logic to better handle login prompts.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-2251

International Phone Format Issue – Addressed an issue that affected some international phone number formats.

EE-2253

WebServices Timeout Issue – Added logic to optimize timeout values for profile lookups.

EE-2265

This is an update to the following issue reported under EE-1967 in hotfix 19.07.01-31.

Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable.

19.07.01-31

28-May-2021

EE-1748

Maximum Device Count – Resolved an issue where, when users reached the maximum limit of registered devices, no warnings were displayed.

EE-1822

2019 Theme Issue - Password Inline Warning – Resolved an issue where users couldn't bypass the prompt to optionally change their password.

Install this hotfix if you have:

  • 2019 Theme selected on the Overview tab

EE-1855

Error Handling Improvement – Added additional logic to better manage errors that occur when using the API OTP validate endpoint.

Install this hotfix if you have:

  • Authentication API enabled

EE-1856

Security Optimization – JQuery.js file optimized for security best practices.

This hotfix is required for 19.07.01 deployments.

EE-1967

Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable.

EE-1972

Adaptive Endpoint Issue – Resolved an issue causing the endpoint to incorrectly prompt for 2FA for users in an allowed group.

EE-2003

2019 Theme Issue - Profile Missing page – Resolved an issue where the Restart Login link didn't display on the profilemissing.aspx page.

Install this hotfix if you have:

  • 2019 Theme selected on the Overview tab

EE-2040

AD LDS Account Unlocking Issue – Addressed an issue causing the Identity Platform to incorrectly see accounts locked that had been previously unlocked by (AD LDS).

Install this hotfix if you have:

  • AD LDS data store integration

Note

A fallback xml attribute for the lockout duration was added to the web.config. Contact Support for more information.

EE-2050

Security Optimization – Angular.js library optimized for security best practices.

This hotfix is required for 19.07.01 deployments.

EE-2059

Web Service Realm Issue – Resolved an issue that caused disabled WebService realm to continue to function if the username and password existed.

Install this hotfix if you have:

  • Web Service (Multi-Datastore) integration disabled on the Data tab

EE-2070

Login Delay Issue – Resolved an issue resulting in potential delays for the login page when using IWA or Transparent SSO.

Install this hotfix if you have:

  • IWA workflow

  • Transparent SSO workflow

EE-2110

Security Optimization – Redirect pages optimized for security best practices.

This hotfix is required for 19.07.01 deployments.

19.07.01-30

03-Mar-2021

EE-1854

Web Admin Optimization – Removal of unused code and subfolder from the SecureAuth Identity Platform Web Admin project folder.

EE-1864

WS-Federation Update – In realms that use WS-Federation, this update requires allow-listing of URLs for the wreply field.

If a wreply setting is configured, the hotfix will use the host of this setting for the new allow-list.

There is also a new optional setting to support allow-listing of more than one URL by using a comma-delimited list.

Install this hotfix if you have:

  • WS-Federation integrations

EE-2051

Self-Service Account Update Theme Issue – There were some missing labels on the AccountUpdate.aspx page using 2016 or 2019 Themes.

Install this hotfix if you have:

  • Self-service Account Update page configured

  • 2016 or 2019 Theme selected in the Overview tab

EE-2060

Security Optimization – OIDC authorization with PKCE optimized for security best practices.

This hotfix is required for 19.07.01 deployments.

EE-1960

Hotfix Installer Update – Hotfix installer updates the cloud certificate URL to use https.

EE-2046

Hotfix Installer Update – Hotfix installer uninstalls Metricbeat.

19.07.01-29

29-Jan-2021

EE-1979

Updates to Audit Logging for SQL – Audit logging updates for SQL data store response times. 

Install this hotfix if you have: 

  • SQL data store integration

EE-2004

SAML Request Signature Validation Certificate Issue – In certain SAML workflows, signature validation was not successful.

Install this fix if you have:

  • SAML applications configured in the Application Manager

  • SAML applications configured in the Post Authentication tab

Important

By installing this hotfix, any expired signing certificate is now enforced by the certificate expiration date.

To override this setting to allow expired certificates, set the following application setting in the web.config:

<add key="BlockSAMLRequestCertExpiration" value="False" />

EE-2039

Performance Issue Update – Enhancement to an earlier hotfix for this issue.  Better exception handling to improve system performance during login and enrollment workflows.

EE-2042

RBAC Group List Issue – In the RBAC admin interface, the autocomplete text incorrectly pulls all group names. 

Install this hotfix if you have:

  • RBAC rules configured

  • High number of Active Directory groups (reported by customers with 1000+ groups)

19.07.01-28

07-Jan-2021

EE-1804

Submit Form Post Issue Update – Update to a previous hotfix for this issue. The Submit Form Post realm incorrectly removes password data following certain special characters. 

Install this fix if you have:

  • Submit Form Post configurations

EE-1826

Transformation Engine Support for OIDC / OAuth2 Workflows – Transformation Engine now supports OIDC / OAuth2 workflows.

Install this fix if you have:

  • OIDC / OAuth2 integrations

EE-1877

Service Provider Metadata XML Issue – In the New Experience, the metadata XML exports in the wrong format.

EE-1897

Performance Enhancements – Update exception handling to improve system performance during login and enrollment workflows.

EE-1989

2019 Theme Issue with Login Workflow – Users can't login with the 2019 theme in Internet Explorer 11 or Office 365 using embedded browser controls. The Submit button stays disabled at login.

Install this hotfix if you have:

  • 2019 Theme selected in the Overview tab

19.07.01-27

30-Oct-2020

EE-1833

Multiple Workflow Configuration Issues – Resolved issues with setting up a multiple workflow configuration and password throttling validation issue.

Install this hotfix if you have:

  • Multiple Workflow Configuration enabled and configured in the Workflow tab

  • Password Throttling enabled and configured in the Workflow tab

19.07.01-26

21-Oct-2020

EE-1831

Password Throttling Count Issue – The saved count for Password Throttling isn't resetting which sometimes impacts valid password entries.

Install this hotfix if you have:

  • Password Throttling enabled and configured in the Workflow tab

N/A

File update – Includes file update to address OIDC issues with hotfix 19.07.01-25.

19.07.01-25

30-Sep-2020

EE-1803

Biometric Support – Re-enrollment in the Authenticate app in order to use biometric identification is no longer required.

Install this hotfix if you have:

  • Enabled the Authentication app previously and now want to use Biometric identification in the login workflow without users re-enrolling.

For more information, see Support biometric options in login workflow with Authenticate app.

EE-1860

Performance Optimizations – Realms created in the Classic Experience UI are now optimized to reduce latency. 

Install this hotfix if you have:

  • Realms created using the Classic UI experience.

EE-1867

API Transactions Now Included on Dashboard – SecureAuth Intelligent Identity Dashboard metrics now include API transactions.

Install this hotfix if you have:

  • Authentication API enabled in the API tab and want to include those API transactions in the dashboard metrics.

EE-1918

X-MS Request Header Fix – Eliminates the need to define the proxy IP and improves the mechanism to get the client/forwarded IP from the header. 

This hotfix is required for 19.07.01 deployments.

EE-1928

Authentication API Improvement – The Authentication API now supports Link-to-Accept via SMS and email as an available multi-factor method MFA option. 

Install this hotfix if you have: 

  • Authentication API enabled in the API tab

  • Link-to-Accept enabled in the Classic UI experience

EE-1935

Security Optimization – Admin API update to data store optimized for security best practices.

This hotfix is required for 19.07.01 deployments.

19.07.01-21

21-Aug-2020

EE-1810

OIDC Claim Format Issue – The email_verified claim should be sent as a boolean value.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1861

Security Optimization – Sanitize sensitive data in Debug Logs.

This hotfix is required for 19.07.01 deployments.

EE-1868

OIDC Issue – The OIDC algorithm header reverted back to HS256 during product upgrade.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

19.07.01-20

31-Jul-2020

EE-1700

Filebeat Process Improvements – Updates to Filebeats to improve performance.

This hotfix is required for 19.07.01 deployments.

EE-1749

Admin Console Issue – Admin console may not load after reboot.

This hotfix is required for 19.07.01 deployments.

19.07.01-16

24-Jul-2020

EE-1778

OIDC / OAuth2 Workflow Session Issue – OIDC queries in OAuth workflows are not read correctly when a user has two browser tabs open when authenticating into a resource.

Install this fix if you have:

  • OIDC / OAuth2 integrations

EE-1804

Submit Form Post Issue – Resolved an issue where the Submit Form Post realm incorrectly removed password data following certain special characters.

Install this fix if you have:

  • Submit Form Post configurations

19.07.01-15

17-Jul-2020

EE-1844

Security Issue – Resolved security issue with request parameters.

This hotfix is required for all customers on the Identity Platform release 19.07.01.

19.07.01-14

16-Jul-2020

EE-1739

2019 Theme Not Rendering Correctly – Pages in the realm root were not rendering correctly when using the 2019 theme.

Install this hotfix if you have:

  • 2019 Theme selected in the Overview tab

  • Realm root pages configured in the Post Authentication tab

EE-1772

Error Verbiage Improvements – In OAuth flow, if the authorization code ID and saved code ID did not match, it displayed the error message, "this code has already been used" which is misleading. Error message now reads as "Authorization Code does not match or has already been used".

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1774

Biometric Method Issue – For a Mobile Login (Push Notification) method involving any biometric as the Request Type in the Classic Experience, some configuration fields are greyed out.

Install this hotfix if you have:

  • Mobile Login (Push Notification) MFA method set up to use any Biometric as the Request Type in the Multi-Factor Methods tab

EE-1783

Data Store Connection Issue – Application realm was created using the New Experience in 9.3. After an Identity Platform upgrade to 19.07.01, the application realm loses connection to the data store after a period of time.

Install this hotfix if you have:

  • Application realm created in version 9.3 and you upgraded to 19.07.01

EE-1815

Security Fix – Resolved XSS security vulnerability in path resolution.

This hotfix is required for 19.07.01 deployments.

EE-1823

Corrupted CyberArk Username – When using CyberArk for the directory credentials, the username would become corrupted during simultaneous connections.

Install this hotfix if you have:

  • CyberArk integration for the directory integration credentials on the Data tab

EE-1836

WS-Trust Blocking Update – Resolves issue where the WS-Trust Blocking service was not using the appropriate IP address for requests when using a load balancer.

Install this hotfix if you have:

  • WS-Trust Blocking service enabled

  • WS-Trust integrations

19.07.01-12

07-Jul-2020

EE-1781

Transformation Engine Issue – Resolves issue in which the Transformation Engine did not work correctly when used with WS-Federation.

Install this hotfix if you have:

  • Transformation Engine enabled and configured

EE-1823

Corrupted CyberArk Username – When using CyberArk for the directory credentials, the username would become corrupted during simultaneous connections.

Install this hotfix if you have:

  • CyberArk integration for the directory integration credentials on the Data tab

19.07.01-11

25-Jun-2020

EE-1644

Security Fix – Implemented additional input validation to prevent double curly brackets ( {{ or }} ) in form input fields, including the UserID field.

This hotfix is required for 19.07.01 deployments.

EE-1660

Password Throttling Validation Issue – Users passwords not always validated when using Password Throttling feature.

Install this hotfix if you have:

  • Password Throttling enabled and configured in the Workflow tab

EE-1806

Installer Issue – Backup during installation of hotfix 10 does not include all of the necessary files, so it is not possible to successfully uninstall the hotfix update.

This hotfix is required for all customers on the base release of SecureAuth Identity Platform release 19.07.01 with no previous hotfixes applied.

IDP-8460

IdM API Enhancement – The Identity Management (IdM) API now supports enable/disable and lock/unlock user accounts for SQL data stores. This requires new SQL stored procedures.

Install this hotfix if you have:

  • IdM API enabled in the API tab

19.07.01-10

03-Jun-2020

EE-1611

2016 Theme Support for Biometric MFA – The new Biometric MFA option was not available for use in the 2016 theme option.

Install this hotfix if you have:

  • 2016 Theme selected in the Overview tab

  • Biometric identification enabled as an authentication option in the Multi-Factor Methods settings > Authentication Apps OR

  • Mobile Login Requests (Push Notifications) enabled in the Multi-Factor Methods tab

EE-1661

Encrypted KBQ / KBA Issue – Previously encrypted knowledge-based questions and answers were no longer supported after upgrade.

Install this hotfix if you have:

  • Knowledge-based questions enabled as an authentication method

EE-1680

Debug Log Cleanup – Debug logs required changes.

This hotfix is required for 19.07.01 deployments.

EE-1683

Azure AD Email Lookup Failure – SecureAuth Identity Platform was not able to effectively retrieve the email address from the Azure AD data store.

Install this hotfix if you have:

  • Azure AD integrated in the Data tab

  • Email 1 property mapped to an Azure AD attribute

EE-1684

Database Logging Issue – Database logs experiencing a table lock and stopped writing new log entries.

Install this hotfix if you have:

  • Database logging enabled in the Logs tab

EE-1692

Chrome 404 Error on Manage Accounts Page – Chrome browser would give a 404 error to users on the Manage Accounts (help desk) page if the page timed out and user logs back in, whereas other browsers would redirect them back to the page after authentication.

Install this hotfix if you have:

  • Manage Accounts page configured in the Post Authentication tab

  • Users employing Chrome browser

EE-1708

Updates to Previous Fix – Updates to fix for EE-1583, in hotfix 19.07.01-8 to make it more resilient.

Install this hotfix if you have:

  • OIDC integrations

19.07.01-9

08-Apr-2020

EE-1511

Session Timeout Length – Increased session timeout length to accommodate specific use cases.

Install this hotfix if you have:

  • A need for longer session timeout lengths

EE-1552

Push Notification Company Name – In the SecureAuth Authenticate app login request UI, the configured company name was not accurately displaying.

Install this hotfix if you have:

  • Authentication Apps enabled in a Policy OR

  • Mobile Login Requests enabled in the Multi-Factor Methods tab

  • Users employing the SecureAuth Authenticate app for authentication

EE-1600

Redirect with Token Issue – Redirect with token workflows were unsuccessful.

Install this hotfix if you have:

  • Redirect with Token configurations in the Workflow and / or Adaptive Authentication tab

EE-1605

Biometric Identification Enrollment – The parameter required to enable the biometric identification authentication method was not included when users would re-enroll the SecureAuth Authenticate app.

Install this hotfix if you have:

  • Biometric identification enabled as an authentication method

  • Users employing the SecureAuth Authenticate app for login

EE-1608

Resetting IIS Settings – After making changes to IIS and then changes to the SecureAuth Web Admin, the changes made in IIS were reverted to the previous configuration.

Install this hotfix if you have:

  • Windows Auth IIS settings changed from the SecureAuth default

EE-1614

Theme Issues for Customized Pages – Customized post-authentication pages were not rendering correctly when using the 2019 theme.

Install this hotfix if you have:

  • 2019 Theme selected in the Overview tab

  • Customized pages configured in the Post Authentication tab

EE-1619

Invalid SQL Password Issue – Password data was cut off in the database when using encrypted password format, resulting in an invalid user password at login.

Install this hotfix if you have:

  • SQL data store integration

  • Password format as encrypted

19.07.01-8

06-Mar-2020

EE-1217

Updates to Audit Logging for OIDC – Audit Logging updated for OIDC workflows to provide more clarity.

Install this hotfix if you have:

  • OIDC integrations

EE-1388

API Password Reset – IdM API password reset did not always work if user account was locked.

Install this hotfix if you have:

  • Password Reset IdM API endpoint enabled in the API tab

EE-1432

SAML Request Signature Validation – In certain SAML workflows, signature validation was not successful.

Install this hotfix if you have:

  • SAML applications configured in the Application Manager

  • SAML applications configured in the Post Authentication tab

EE-1519

SameSite Cookie attribute support – Required for compatibility with Google Chrome 80.

This hotfix is required for all 19.07.01 appliances.

Ensure that the Microsoft .NET patch is applied prior to installing this hotfix. Read https://support.secureauth.com/hc/en-us/articles/360038330652 for more information.

EE-1566

IdM API Enhancement – New endpoint to read the status of a user's account.

Install this hotfix if you have:

  • IdM API enabled in the API tab

EE-1583

OIDC Session Cleanup – Sessions were not properly cleared in OIDC realms, making it impossible to log into multiple clients due to values being cached from the first session.

Install this hotfix if you have:

  • OIDC integrations

EE-1607

International Phone Number Issue – Ten-digit International phone numbers were automatically being prepended with “1”, making those numbers unusable for MFA.

Install this hotfix if you have:

  • Phone MFA methods enabled in a Policy

  • Phone MFA methods enabled in the Registration Methods tab

19.07.01-2

20-Dec-2019

EE-1373

IP Evaluation Update – The IP Eval service did not use the appropriate IP address for WS-Trust requests when using a load balancer.

Install this hotfix if you have:

  • IP address evaluation enabled in Adaptive Auth in the Policy OR in the Adaptive Authentication tab

  • WS-Trust integrations

EE-1391

Updates to Secure Storage – Updates made to Secure Storage to avoid corruption.

This hotfix is required for 19.07.01 deployments.

19.07.01-1

05-Dec-2019

EE-1363

Support for AssertionConsumerServiceIndex (SAML) – SecureAuth Identity Platform now supports AssertionConsumerServiceIndex for SAML integrations.

Install this hotfix if you have:

  • SAML integrations that require AssertionConsumerServiceIndex instead of AssertionConsumerServiceURL, for example: Cisco Jabber

For instructions about applying the hotfix for this feature, see SAML integrations using AssertionConsumerServiceIndex hotfix.

EE-1422

Adaptive Auth API Response Updates – When using the Authentication API for adaptive authentication calls; not all actions were available to enable the desired workflow.

Install this hotfix if you have:

  • Authentication API enabled in the API tab

  • Adaptive Authentication rules enabled and used via the API

EE-1425

Global Aux ID Configuration not Present – In the legacy Data tab, the Global Aux ID section was hidden in the UI and could not be configured.

This hotfix is required for 19.07.01 deployments.

EE-1434

YubiKey Enrollment with Proxy – YubiKey enrollments were not honoring the proxy settings configured in the realm, which led to user verification failures.

Install this hotfix if you have:

  • YubiKey enrollment configured as a Begin Site in the Workflow tab

  • Proxy settings configured in the System Info tab

  • An Identity Platform appliance that can only reach the api.yubico.com endpoints via configured proxy

EE-1455

Enhancements to User Risk Logging – Enhancements were made to logging for user risk information gathered during adaptive authentication, which provides more clarity.

Install this hotfix if you have:

  • User Risk enabled in a Policy OR

  • User Risk enabled in the Adaptive Authentication tab

EE-1458

WebServices Directory Lookup Update – When using webservices for multi-directory lookup, the profile directory was not pulled from the same realm as the membership.

Install this hotfix if you have:

  • Realms that use webservices multi-data store in the Data tab, where the profile data store configuration should be pulled from the same realm in which membership user information is found

EE-1481

Inaccurate Anti-forgery Error – During specific workflows and with specific MFA methods, users were seeing an anti-forgery error when they should not have.

This hotfix is required for 19.07.01 deployments.

EE-1494

TRX Performance Issue – When there is latency reaching the SecureAuth TRX cloud endpoint, it caused application latency, which impacted user login performance.

This hotfix is required for 19.07.01 deployments.

19.07 hotfixes

Release No.

Release Date

Ref ID

Description

19.07-5

04-Jun-2021

EE-1804

Submit Form Post Issue – Resolved an issue where the Submit Form Post realm incorrectly removed password data following certain special characters.

Install this fix if you have:

  • Submit Form Post configurations

EE-1844

Security Issue – Resolved security issue with request parameters.

This hotfix is required for 19.07 deployments.

EE-1864

WS-Federation Update – In realms that use WS-Federation, this update requires allow-listing of URLs for the wreply field.

If a wreply setting is configured, the hotfix will use the host of this setting for the new allow-list.

There is also a new optional setting to support allow-listing of more than one URL by using a comma-delimited list.

Install this hotfix if you have:

  • WS-Federation integrations

EE-2110

Security Optimization – Redirect pages optimized for security best practices.

This hotfix is required for 19.07 deployments.

19.07-4

14-Jul-2020

EE-1815

Security Fix – Resolved XSS security vulnerability in path resolution

This hotfix is required for 19.07 deployments.

19.07-3

29-Jun-2020

EE-1644

Security Fix – Implemented additional input validation to prevent double curly brackets ( {{ or }} ) in form input fields, including the UserID field.

This hotfix is required for 19.07 deployments.

EE-1680

Debug Log Clean up – Debug logs required changes.

This hotfix is required for 19.07 deployments.

19.07-2

31-Jan-2020

EE-1363

Support for AssertionConsumerServiceIndex (SAML) – SecureAuth Identity Platform now supports AssertionConsumerServiceIndex for SAML integrations.

Install this hotfix if you have:

  • SAML integrations that require AssertionConsumerServiceIndex instead of AssertionConsumerServiceURL, for example: Cisco Jabber

Note

For instructions about applying the hotfix for this feature, see SAML integrations using AssertionConsumerServiceIndex hotfix.

EE-1422

Adaptive Auth API Response Updates – When using the Authentication API for adaptive authentication calls, not all actions were available to enable the desired workflow.

Install this hotfix if you have:

  • Authentication API enabled in the API tab

  • Adaptive Authentication rules enabled and used via the API

EE-1425

Global Aux ID Configuration not Present – In the legacy Data tab, where the Global Aux ID section was hidden in the UI and could not be configured.

This hotfix is required for 19.07 deployments.

EE-1519

SameSite Cookie attribute support – Required for compatibility with Google Chrome 80.

This hotfix is required for all 19.07 appliances.

Read https://support.secureauth.com/hc/en-us/articles/360038330652 for more information.

19.07-1

11-Sep-2019

EE-1206

OAuth Performance Issue – When a transaction (TRX) failure occurred, the OAuth workflow would slow down significantly, halting many users’ logins

Install this hotfix if you have:

  • OAuth integrations

EE-1330

Link-to-Accept / TOTP Registration Method Mix-up – It was possible to select TOTP option for SMS on the reg methods pick list screen and instead, receive a login confirmation link (Link-to-Accept).

Install this hotfix if you have:

  • SMS / Text Message TOTP enabled

  • SMS / Text Message Link-to-Accept enabled

  • Both options enabled in a Policy

EE-1352

JWT Token Refresh Issue – JWT tokens were not accurately refreshing, causing other SecureAuth cloud services, including authentication and adaptive policy checks, to fail.

This hotfix is required for 19.07 deployments.

EE-1367

Geo-velocity Cloud Communications Error – When comparing previous and current IP addresses, some logins were generating an “unavailable” result.

Install this hotfix if you have:

  • Geo-velocity enabled as an Adaptive Authentication step