Hotfixes
The following lists hotfixes for the Identity Platform release 20.06.
20.06 hotfixes
Release No. | Release Date | Ref ID | Issue / Description |
|---|---|---|---|
20.06-9 | 16-Jul-2021 | EE-1652 | Password Throttling API Response Message – Added additional clarification to password throttling AP response message. |
EE-1663 | Device Fingerprint Optimization – Device fingerprint profile (DFP) optimized when realm is configured in Private Mode only. | ||
EE-1814 | SAML OneTimeUse Condition Support – Added support for the SAML OneTimeUse condition. | ||
EE-1825 | QR Enrollment Issue – Addressed issue when using an email address during login to the QR enrollment page. Install this hotfix you have:
| ||
EE-1969 | SAML Assertion Update – Added support for To use the
Where For Identity Platform cloud deployments, contact Support to update your web.config. | ||
EE-2029 | Content and Localization Issue – Addressed issue where edits in the verbiage editor did not show up on the Logout.aspx page. | ||
EE-2077 | IPv6 Address Handling Improvement – Enhanced ability to better manage IPv6 addresses. | ||
EE-2092 | Added New Response Times to Audit Logs – Addressed issue to include OTP response times in audit logs. | ||
EE-2106 | Default MFA Delivery Options Improvement – Added logic so that the first MFA option on the list is always selected by default. | ||
EE-2116 | OpenID Connect Scopes Issue – Resolved an issue with OpenID scope values not rendering correctly for OIDC Authorizations. Install this hotfix if you have:
| ||
EE-2120 | OIDC Issue – Added logic to better handle login prompts. Install this hotfix if you have:
| ||
EE-2253 | WebServices Timeout Issue – Added logic to optimize timeout values for profile lookups. | ||
EE-2265 | This is an update to the following issue reported under EE-1967 in hotfix 20.06-8. Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable. | ||
20.06-8 | 27-May-2021 | EE-1748 | Maximum Device Count – Resolved an issue where, when users reached the maximum limit of registered devices, no warnings were displayed. |
EE-1855 | Error Handling Improvement – Added additional logic to better manage errors that occur when using the API OTP validate endpoint. Install this hotfix if you have:
| ||
EE-1856 | Security Optimization – JQuery.js file optimized for security best practices. This hotfix is required for 20.06 deployments. | ||
EE-1967 | Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable. | ||
EE-1972 | Adaptive Endpoint Issue – Resolved an issue causing the endpoint to incorrectly prompt for 2FA for users in an allowed group. | ||
EE-2040 | AD LDS Account Unlocking Issue – Addressed an issue causing the Identity Platform to incorrectly see accounts locked that had been previously unlocked by (AD LDS). Install this hotfix if you have:
NoteA fallback xml attribute for the lockout duration was added to the web.config. Contact Support for more information. | ||
EE-2050 | Security Optimization – Angular.js library optimized for security best practices. This hotfix is required for 20.06 deployments. | ||
EE-2059 | Web Service Realm Issue – Resolved an issue that caused disabled WebService realm to continue to function if the username and password existed. Install this hotfix if you have:
| ||
EE-2070 | Login Delay Issue – Resolved an issue resulting in potential delays for the login page when using IWA or Transparent SSO. Install this hotfix if you have:
| ||
EE-2110 | Security Optimization – Redirect pages optimized for security best practices. This hotfix is required for 20.06 deployments. | ||
EE-2111 | 2019 Theme Issue – Fixed an issue causing the login page in 2019 theme to not load when using Internet Explorer 11 browser. Install this hotfix if you have:
| ||
20.06-7 | 25-Mar-2021 | EE-1822 | 2019 Theme Issue - Password Inline Warning – Resolved an issue where users couldn't bypass the prompt to optionally change their password. Install this hotfix if you have:
|
EE-2003 | 2019 Theme Issue - Profile Missing page – Resolved an issue where the Restart Login link didn't display on the profilemissing.aspx page. Install this hotfix if you have:
| ||
EE-2045 | FIDO2 Authentication Issue – FIDO2 authentication ignores proxy settings. Install this hotfix if you have:
| ||
EE-2047 | FIDO2 Authentication Improvement – Error handling improvements to user login when user does not have a registered FIDO2 security key. Install this hotfix if you have:
| ||
EE-2100 | FIDO2 Authentication Improvements – Improvements related to FIDO2 authentication include:
Install this hotfix if you have:
| ||
20.06-6 | 08-Mar-2021 | EE-1854 | Web Admin Optimization – Removal of unused code and subfolder from the SecureAuth Identity Platform Web Admin project folder. |
EE-1864 | WS-Federation Update – In realms that use WS-Federation, this update requires allow-listing of URLs for the If a There is also a new optional setting to support allow-listing of more than one URL by using a comma-delimited list. Install this hotfix if you have:
| ||
EE-1897 | Performance Enhancements – Update exception handling to improve system performance during login and enrollment workflows. | ||
EE-1979 | Updates to Audit Logging for SQL – Audit logging updates for SQL data store response times. Install this hotfix if you have:
| ||
EE-2004 | SAML Request Signature Validation Certificate Issue – In certain SAML workflows, signature validation was not successful. Install this fix if you have:
ImportantBy installing this hotfix, any expired signing certificate is now enforced by the certificate expiration date. To override this setting to allow expired certificates, set the following application setting in the web.config:
| ||
EE-2051 | Self-Service Account Update Theme Issue – There were some missing labels on the AccountUpdate.aspx page using 2016 or 2019 Themes. Install this hotfix if you have:
| ||
EE-2060 | Security Optimization – OIDC authorization with PKCE optimized for security best practices. This hotfix is required for 20.06 deployments. | ||
EE-1960 | Hotfix Installer Update – Hotfix installer updates the cloud certificate URL to use | ||
EE-2046 | Hotfix Installer Update – Hotfix installer uninstalls Metricbeat. | ||
20.06-5 | 12-Jan-2021 | EE-1803 | Biometric Support – Re-enrollment in the Authenticate app in order to use biometric identification is no longer required. Install this hotfix if you have:
For more information, see Support biometric options in login workflow with Authenticate app. |
EE-1804 | Submit Form Post Issue – The Submit Form Post realm incorrectly removes password data following certain special characters. Install this fix if you have:
| ||
EE-1826 | Transformation Engine Support for OIDC / OAuth2 Workflows – Transformation Engine now supports OIDC / OAuth2 workflows. Install this fix if you have:
| ||
EE-1833 | Multiple Workflow Configuration Issues – Resolved issues with setting up a Multiple Workflow Configuration and password throttling validation issue. Install this hotfix if you have:
| ||
EE-1877 | Service Provider Metadata XML Issue – In the New Experience UI, the metadata XML exports in the wrong format. | ||
EE-1989 | 2019 Theme Issue with Login Workflow – Users can't login with the 2019 theme in Internet Explorer 11 or Office 365 using embedded browser controls. The Submit button stays disabled at login. Install this hotfix if you have:
| ||
EE-2004 | SAML Request Signature Validation Certificate Issue – In certain SAML workflows, signature validation was not successful. Install this fix if you have:
CautionBy installing this hotfix, any expired signing certificate is now enforced by the certificate expiration date. Contact Support to override this setting to allow expired certificates. It requires the following application setting in the web.config:
| ||
20.06-4 | 09-Nov-2020 | EE-1611 | 2016 Theme Support for Biometric MFA – The new Biometric MFA option was not available for use in the 2016 theme option. Install this hotfix if you have:
|
EE-1810 | OIDC Claim Format Issue – The email_verified claim should be sent as a boolean value. Install this hotfix if you have:
| ||
EE-1860 | Performance Optimizations – Realms created in the Classic UI are now optimized to reduce latency. Install this hotfix if you have:
| ||
EE-1868 | OIDC Issue – The OIDC algorithm header reverted back to HS256 during product upgrade. Install this hotfix if you have:
| ||
EE-1935 | Security Optimization – Admin API update to data store optimized for security best practices. This hotfix is required for 20.06 deployments. | ||
EE-1966 | Redirect with Token Issue – Redirect with token workflows were intermittently unsuccessful under certain conditions. Install this hotfix if you have:
| ||
Other | Additional logging enhancements and updated SecureAuth branding | ||
20.06-3 | 07-Oct-2020 | EE-1890 | This hotfix includes a file correction to a previous 20.06-2 hotfix addressing this issue: Certificate Issue – For customers upgrading from Identity Platform release 19.07.01 to 20.06, the SHA-1 assertion now verifies correctly. This hotfix is required for 20.06 deployments. |
20.06-2 | 02-Oct-2020 | EE-1778 | OIDC / OAuth2 Workflow Session Issue – OIDC queries in OAuth workflows now read correctly when a user has two browser tabs open when authenticating into a resource. Install this fix if you have:
|
EE-1890 | Certificate Issue – For customers upgrading from Identity Platform release 19.07.01 to 20.06, the SHA-1 assertion now verifies correctly. This hotfix is required for 20.06 deployments. | ||
EE-1902 | OIDC / OAuth 2 Issue – Fixes an issue with scope values not rendering correctly on the Post Auth tab for OpenID Connect/OAuth 2.0. Install this fix if you have:
| ||
EE-1928 | Authentication API Improvement – The Authentication API now supports Link-to-Accept via SMS and email as an available multi-factor method MFA option. Install this hotfix if you have:
| ||
20.06-1 | 11-Sep-2020 | EE-1196 | Realm List Display Issue – Classic administration realm navigation bar repositions incorrectly after save. |
EE-1524 | Azure AD UPN Domain Check – Resolves issue with unnecessary uppercase and lowercase domain name check in username. Install this hotfix if you have:
| ||
EE-1552 | Push Notification Company Name – In the SecureAuth Authenticate app login request UI, the configured company name was not accurately displaying. Install this hotfix if you have:
| ||
EE-1600 | Redirect with Token Issue – Redirect with token workflows were unsuccessful. Install this hotfix if you have:
| ||
EE-1607 | International Phone Number Issue – Ten-digit International phone numbers were automatically being prepended with “1”, making those numbers unusable for MFA. Install this hotfix if you have:
| ||
EE-1660 | Password Throttling Validation Issue – Users passwords not always validated when using Password Throttling feature. Install this hotfix if you have:
| ||
EE-1684 | Database Logging Issue – Database logs experiencing a table lock stopped writing new log entries. Install this hotfix if you have:
| ||
EE-1692 | Chrome 404 Error on Manage Accounts Page – Chrome browser would give a 404 error to users on the Manage Accounts (help desk) page if the page timed out and user logs back in, whereas other browsers would redirect them back to the page after authentication. Install this hotfix if you have:
| ||
EE-1707 | Corrupted CyberArk Username – When using CyberArk for the directory credentials, the username would become corrupted during simultaneous connections. Install this hotfix if you have:
| ||
EE-1739 | 2019 Theme Not Rendering Correctly – Pages in the realm root were not rendering correctly when using the 2019 theme. Install this hotfix if you have:
| ||
EE-1749 | Admin Console Issue – Admin console may not load after reboot.
| ||
EE-1772 | Error Verbiage Improvements – In OAuth flow, if the authorization code ID and saved code ID do not match, it displayed the error message, "this code has already been used" which is misleading. Error message now reads as "Authorization Code does not match or has already been used". Install this hotfix if you have:
| ||
EE-1774 | Biometric Method Issue – For a Mobile Login (Push Notification) method involving any biometric as the Request Type in the Classic IdP Experience, some configuration fields are greyed out. Install this hotfix if you have:
| ||
EE-1781 | Transformation Engine Issue – Resolves issue in which the Transformation Engine did not work correctly when used with WS-Federation. Install this hotfix if you have:
| ||
EE-1608 | Resetting IIS Settings – After making changes to IIS and then changes to the SecureAuth Web Admin, the changes made in IIS were reverted to the previous configuration. Install this hotfix if you have:
| ||
EE-1619 | Invalid SQL Password Issue – Password data was cut off in the database when using encrypted password format, resulting in an invalid user password at login. Install this hotfix if you have:
| ||
EE-1680 | Debug Log Cleanup – Debug logs required changes. This hotfix is required for 20.06 deployments. | ||
EE-1683 | SecureAuth Identity Platform was not able to effectively retrieve the email address from the Azure AD data store. Install this hotfix if you have:
|