Hotfixes

The following lists hotfixes for the Identity Platform version 20.06.

20.06 hotfixes

Release No.

Release Date

Ref ID

Issue / Description

20.06-5

12-Jan-2021

EE-1803

Biometric Support – Re-enrollment in the Authenticate app in order to use biometric identification is no longer required.

Install this hotfix if you have:

  • Enabled the Authentication app previously and now want to use Biometric identification in the login workflow without users re-enrolling.

For more information, see Support biometric options in login workflow with Authenticate app.

EE-1804

Submit Form Post Issue – The Submit Form Post realm incorrectly removes password data following certain special characters.

Install this fix if you have:

  • Submit Form Post configurations

EE-1826

Transformation Engine Support – Transformation Engine now supports OIDC / OAuth2 workflows.

Install this fix if you have:

  • OIDC / OAuth2 integrations

EE-1833

Multiple Workflow Configuration Issues – Resolved issues with setting up a Multiple Workflow Configuration and password throttling validation issue.

Install this hotfix if you have:

  • Multiple Workflow Configuration enabled and configured in the Workflow tab

  • Password Throttling enabled and configured in the Workflow tab

EE-1877

Service Provider Metadata XML Issue – In the New Experience UI, the metadata XML exports in the wrong format.

EE-1989

Theme Issue with Login – Users can't login with the 2019 theme in Internet Explorer 11 or Office 365 using embedded browser controls. The Submit button stays disabled at login.

Install this hotfix if you have:

  • 2019 Theme selected in the Overview tab

EE-2004

SAML Request Signature Validation Certificate Issue – In certain SAML workflows, signature validation was not successful.

Install this fix if you have:

  • SAML applications configured in the Application Manager

  • SAML applications configured in the Post Authentication tab

Caution

By installing this hotfix, any expired signing certificate is now enforced by the certificate expiration date.

Contact Support to override this setting to allow expired certificates. It requires the following application setting in the web.config:

<add key="BlockSAMLRequestCertExpiration" value="False" />

20.06-4

09-Nov-2020

EE-1611

2016 Theme Support for Biometric MFA – The new Biometric MFA option was not available for use in the 2016 theme option.

Install this hotfix if you have:

  • 2016 Theme selected in the Overview tab

  • Biometric identification enabled as an authentication option in the Multi-Factor Methods settings > Authentication Apps OR

  • Mobile Login Requests (Push Notifications) enabled in the Multi-Factor Methods tab

EE-1810

OIDC Issue – The email_verified claim should be sent as a boolean value.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1860

Latency Issues – Realms created in the Classic UI are now optimized to reduce latency.

Install this hotfix if you have:

  • Realms created using the Classic UI experience

EE-1868

OIDC Issue – The OIDC algorithm header reverted back to HS256 during product upgrade.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1935

Security Optimization – Admin API update to data store optimized for security best practices.

This hotfix is required for all 19.07.01 deployments.

EE-1966

Redirect with Token Issue – Redirect with token workflows were intermittently unsuccessful under certain conditions.

Install this hotfix if you have:

  • Redirect with Token configurations in the Workflow and / or Adaptive Authentication tab

Other

Additional logging enhancements and updated SecureAuth branding

20.06-3

07-Oct-2020

EE-1890

This hotfix includes a file correction to a previous 20.06-2 hotfix addressing this issue:

Certificate Issue – For customers upgrading from Identity Platform version 19.07.01 to 20.06, the SHA-1 assertion now verifies correctly.

This hotfix is required for all 20.06 deployments.

20.06-2

02-Oct-2020

EE-1778

OIDC / OAuth2 Workflow Session Cleanup – OIDC queries in OAuth workflows now read correctly when a user has two browser tabs open when authenticating into a resource.

Install this fix if you have:

  • OIDC / OAuth2 integrations

EE-1890

Certificate Issue – For customers upgrading from Identity Platform version 19.07.01 to 20.06, the SHA-1 assertion now verifies correctly.

This hotfix is required for all 20.06 deployments.

EE-1902

OIDC / OAuth 2 Issue – Fixes an issue with scope values not rendering correctly on the Post Auth tab for OpenID Connect/OAuth 2.0.

Install this fix if you have: 

  • OIDC / OAuth2 integrations

EE-1928

Authentication API Improvement – The Authentication API now supports Link-to-Accept via SMS and email as an available multi-factor method MFA option.

Install this hotfix if you have:

  • Authentication API enabled in the API tab

  • Link-to-Accept enabled in the Classic UI experience

20.06-1

11-Sep-2020

EE-1196

Classic administration realm navigation bar repositions incorrectly after save.

EE-1524

Azure AD UPN Domain Check – Resolves issue with unnecessary uppercase and lowercase domain name check in username.

Install this hotfix if you have:

  • Azure AD integrated with the Identity Platform

EE-1552

Push Notification Company Name – In the SecureAuth Authenticate app login request UI, the configured company name was not accurately displaying.

Install this hotfix if you have:

  • Authentication Apps enabled in a Policy OR

  • Mobile Login Requests enabled in the Multi-Factor Methods tab

  • Users employing the SecureAuth Authenticate app for authentication

EE-1600

Redirect with Token Issue – Redirect with token workflows were unsuccessful.

Install this hotfix if you have:

  • Redirect with Token configurations in the Workflow and / or Adaptive Authentication tab

EE-1607

International Phone Number Issue – Ten-digit International phone numbers were automatically being prepended with “1”, making those numbers unusable for MFA.

Install this hotfix if you have:

  • Phone MFA methods enabled in a Policy

  • Phone MFA methods enabled in the Registration Methods tab

EE-1660

Password Throttling Validation Issue – Users passwords not always validated when using Password Throttling feature.

Install this hotfix if you have:

  • Password Throttling enabled and configured in the Workflow tab

EE-1684

Database Logging Issue – Database logs experiencing a table lock stopped writing new log entries.

Install this hotfix if you have:

  • Database logging enabled in the Logs tab

EE-1692

Chrome 404 Error on Manage Accounts Page – Chrome browser would give a 404 error to users on the Manage Accounts (help desk) page if the page timed out and user logs back in, whereas other browsers would redirect them back to the page after authentication.

Install this hotfix if you have:

  • Manage Accounts page configured in the Post Authentication tab

  • Users employing Chrome browser

EE-1707

Corrupted CyberArk Username – When using CyberArk for the directory credentials, the username would become corrupted during simultaneous connections.

Install this hotfix if you have:

  • CyberArk integration for the directory integration credentials on the Data tab

EE-1739

Theme Issues for Realm Pages – Pages in the realm root were not rendering correctly when using the 2019 theme.

Install this hotfix if you have:

  • 2019 Theme selected in the Overview tab

  • Realm root pages configured in the Post Authentication tab

EE-1749

Admin Console Issue – Admin console may not load after reboot.

  • This hotfix is required for all 20.06 appliances.

EE-1772

Error Verbiage Improvements – In OAuth flow, if the authorization code ID and saved code ID do not match, it displayed the error message, "this code has already been used" which is misleading. Error message now reads as "Authorization Code does not match or has already been used".

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1774

Biometric Method Issue – For a Mobile Login (Push Notification) method involving any biometric as the Request Type in the Classic IdP Experience, some configuration fields are greyed out.

Install this hotfix if you have:

  • Mobile Login (Push Notification) MFA method set up to use any Biometric as the Request Type in the Multi-Factor Methods tab

EE-1781

Transformation Engine Issue – Resolves issue in which the Transformation Engine did not work correctly when used with WS-Federation.

Install this hotfix if you have:

  • Transformation Engine enabled and configured

EE-1608

Resetting IIS Settings – After making changes to IIS and then changes to the SecureAuth Web Admin, the changes made in IIS were reverted to the previous configuration.

Install this hotfix if you have:

  • Windows Auth IIS settings changed from the SecureAuth default

EE-1619

Invalid SQL Password Issue – Password data was cut off in the database when using encrypted password format, resulting in an invalid user password at login.

Install this hotfix if you have:

  • SQL data store integration

  • Password format as encrypted

EE-1680

Debug Log Cleanup – Debug logs required changes.

This hotfix is required for all 20.06 appliances.

EE-1683

SecureAuth Identity Platform was not able to effectively retrieve the email address from the Azure AD data store.

Install this hotfix if you have:

  • Azure AD integrated in the Data tab

  • Email 1 property mapped to an Azure AD attribute