Hotfixes

The following lists hotfixes for the Identity Platform release 20.06.

20.06 hotfixes

Release No.

Release Date

Ref ID

Issue / Description

20.06-9

16-Jul-2021

EE-1652

Password Throttling API Response Message – Added clarification to the password throttling API response message.

EE-1663

Device Fingerprint Optimization – Device fingerprint profile (DFP) optimized when realm is configured in Private Mode only.

EE-1814

SAML OneTimeUse Condition Support – Added support for the SAML OneTimeUse condition.

EE-1825

QR Enrollment Issue – Addressed issue when using an email address during login to the QR enrollment page. 

Install this hotfix if you have:

  • Multi-Factor App Enrollment – QR Code realm

EE-1969

SAML Assertion Update – Added support for FriendlyName user attribute.

Using the FriendlyName user attribute requires the following application setting in the web.config:

<add key="ExtendedSAMLAttrXXFriendlyName" value="YourFriendlyName" />

where XX is a number from 1 to 10 associated with the attribute.

For Identity Platform cloud deployments, contact Support to update your web.config.

EE-2029

Content and Localization Issue – Addressed issue where edits in the verbiage editor did not show up on the Logout.aspx page.

EE-2077

IPv6 Address Handling Improvement – Enhanced ability to better manage IPv6 addresses.

EE-2092

Added New Response Times to Audit Logs – Addressed issue to include OTP response times in audit logs.

EE-2106

Default MFA Delivery Options Improvement – Added logic so that the first MFA option on the list is always selected by default.

EE-2116

OpenID Connect Scopes Issue – Resolved an issue with OpenID scope values not rendering correctly for OIDC Authorizations.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-2120

OIDC Issue – Added logic to better handle login prompts.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-2253

WebServices Timeout Issue – Added logic to optimize timeout values for profile lookups.

EE-2265

This is an update to the following issue reported under EE-1967 in hotfix 20.06-8.

Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable.

20.06-8

27-May-2021

EE-1748

Maximum Device Count – Resolved an issue where, when users reached the maximum limit of registered devices, no warnings were displayed.

EE-1855

Error Handling Improvement – Added additional logic to better manage errors that occur when using the API OTP validate endpoint.

Install this hotfix if you have:

  • Authentication API enabled

EE-1856

Security Optimization – JQuery.js file optimized for security best practices.

This hotfix is required for 20.06 deployments.

EE-1967

Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable.

EE-1972

Adaptive Endpoint Issue – Resolved an issue causing the endpoint to incorrectly prompt for 2FA for users in an allowed group.

EE-2040

AD LDS Account Unlocking Issue – Addressed an issue causing the Identity Platform to incorrectly see accounts as locked after they had been unlocked by AD LDS.

Install this hotfix if you have:

  • AD LDS data store integration

Note

A fallback XML attribute for the lockout duration was added to the web.config. Contact Support for more information.

EE-2050

Security Optimization – Angular.js library optimized for security best practices.

This hotfix is required for 20.06 deployments.

EE-2059

Web Service Realm Issue – Resolved an issue that caused a disabled WebService realm to continue to function if the username and password existed.

Install this hotfix if you have:

  • Web Service (Multi-Datastore) integration disabled on the Data tab

EE-2070

Login Delay Issue – Resolved an issue resulting in potential delays for the login page when using IWA or Transparent SSO.

Install this hotfix if you have:

  • IWA workflow

  • Transparent SSO workflow

EE-2110

Security Optimization – Redirect pages optimized for security best practices.

This hotfix is required for 20.06 deployments.

EE-2111

2019 Theme Issue – Fixed an issue causing the login page in the 2019 theme to not load when using the Internet Explorer 11 browser.

Install this hotfix if you have:

  • 2019 Theme selected on the Overview tab

20.06-7

25-Mar-2021

EE-1822

2019 Theme Issue - Password Inline Warning – Resolved an issue where users couldn't bypass the prompt to optionally change their password.

Install this hotfix if you have:

  • 2019 Theme selected on the Overview tab

EE-2003

2019 Theme Issue - Profile Missing page – Resolved an issue where the Restart Login link didn't display on the profilemissing.aspx page.

Install this hotfix if you have:

  • 2019 Theme selected on the Overview tab

EE-2045

FIDO2 Authentication Issue – FIDO2 authentication ignores proxy settings.

Install this hotfix if you have:

  • FIDO2 WebAuthn enabled as MFA method

EE-2047

FIDO2 Authentication Improvement – Error handling improvements to user login when user does not have a registered FIDO2 security key.

Install this hotfix if you have:

  • FIDO2 WebAuthn enabled as MFA method

EE-2100

FIDO2 Authentication Improvements – Improvements related to FIDO2 authentication include:

  • Added audit logging to all FIDO2 calls with response times

  • Addressed an issue where New Experience data stores did not load behind a proxy

  • Disabled the login call to FIDO2 when this MFA method is not applicable

Install this hotfix if you have:

  • FIDO2 WebAuthn enabled as MFA method

20.06-6

08-Mar-2021

EE-1854

Web Admin Optimization – Removal of unused code and subfolder from the SecureAuth Identity Platform Web Admin project folder.

EE-1864

WS-Federation Update – In realms that use WS-Federation, this update requires allow-listing of URLs for the wreply field.

If a wreply setting is configured, the hotfix will use the host of this setting for the new allow-list.

There is also a new optional setting to support allow-listing of more than one URL by using a comma-delimited list.

Install this hotfix if you have:

  • WS-Federation integrations

EE-1897

Performance Enhancements – Updated exception handling to improve system performance during login and enrollment workflows.

EE-1979

Updates to Audit Logging for SQL – Audit logging updates for SQL data store response times. 

Install this hotfix if you have: 

  • SQL data store integration

EE-2004

SAML Request Signature Validation Certificate Issue – In certain SAML workflows, signature validation was not successful.

Install this fix if you have:

  • SAML applications configured in the Application Manager

  • SAML applications configured in the Post Authentication tab

Important

Once this hotfix is installed, the expiration date of the signing certificate is enforced, so expired signing certificates are no longer accepted.

To override this setting to allow expired certificates, set the following application setting in the web.config:

<add key="BlockSAMLRequestCertExpiration" value="False" />

EE-2051

Self-Service Account Update Theme Issue – There were some missing labels on the AccountUpdate.aspx page using 2016 or 2019 Themes.

Install this hotfix if you have:

  • Self-service Account Update page configured

  • 2016 or 2019 Theme selected in the Overview tab

EE-2060

Security Optimization – OIDC authorization with PKCE optimized for security best practices.

This hotfix is required for 20.06 deployments.

EE-1960

Hotfix Installer Update – Hotfix installer updates the cloud certificate URL to use https.

EE-2046

Hotfix Installer Update – Hotfix installer uninstalls Metricbeat.

20.06-5

12-Jan-2021

EE-1803

Biometric Support – Re-enrollment in the Authenticate app in order to use biometric identification is no longer required.

Install this hotfix if you have:

  • Enabled the Authentication app previously and now want to use Biometric identification in the login workflow without users re-enrolling.

For more information, see Support biometric options in login workflow with Authenticate app.

EE-1804

Submit Form Post Issue – The Submit Form Post realm incorrectly removes password data following certain special characters.

Install this fix if you have:

  • Submit Form Post configurations

EE-1826

Transformation Engine Support for OIDC / OAuth2 Workflows – Transformation Engine now supports OIDC / OAuth2 workflows.

Install this fix if you have:

  • OIDC / OAuth2 integrations

EE-1833

Multiple Workflow Configuration Issues – Resolved issues with setting up a Multiple Workflow Configuration and password throttling validation issue.

Install this hotfix if you have:

  • Multiple Workflow Configuration enabled and configured in the Workflow tab

  • Password Throttling enabled and configured in the Workflow tab

EE-1877

Service Provider Metadata XML Issue – In the New Experience UI, the metadata XML exports in the wrong format.

EE-1989

2019 Theme Issue with Login Workflow – Users can't log in with the 2019 theme in Internet Explorer 11 or Office 365 using embedded browser controls. The Submit button stays disabled at login.

Install this hotfix if you have:

  • 2019 Theme selected in the Overview tab

EE-2004

SAML Request Signature Validation Certificate Issue – In certain SAML workflows, signature validation was not successful.

Install this fix if you have:

  • SAML applications configured in the Application Manager

  • SAML applications configured in the Post Authentication tab

Caution

Once this hotfix is installed, the expiration date of the signing certificate is enforced, so expired signing certificates are no longer accepted.

Contact Support to override this setting to allow expired certificates. The override requires the following application setting in the web.config:

<add key="BlockSAMLRequestCertExpiration" value="False" />

20.06-4

09-Nov-2020

EE-1611

2016 Theme Support for Biometric MFA – The new Biometric MFA option was not available for use in the 2016 theme option.

Install this hotfix if you have:

  • 2016 Theme selected in the Overview tab

  • Biometric identification enabled as an authentication option in the Multi-Factor Methods settings > Authentication Apps OR

  • Mobile Login Requests (Push Notifications) enabled in the Multi-Factor Methods tab

EE-1810

OIDC Claim Format Issue – The email_verified claim should be sent as a boolean value.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1860

Performance Optimizations – Realms created in the Classic UI are now optimized to reduce latency.

Install this hotfix if you have:

  • Realms created using the Classic UI experience

EE-1868

OIDC Issue – The OIDC algorithm header reverted to HS256 during product upgrade.

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1935

Security Optimization – Admin API update to data store optimized for security best practices.

This hotfix is required for 20.06 deployments.

EE-1966

Redirect with Token Issue – Redirect with token workflows were intermittently unsuccessful under certain conditions.

Install this hotfix if you have:

  • Redirect with Token configurations in the Workflow and / or Adaptive Authentication tab

Other

Additional logging enhancements and updated SecureAuth branding

20.06-3

07-Oct-2020

EE-1890

This hotfix includes a file correction to a previous 20.06-2 hotfix addressing this issue:

Certificate Issue – For customers upgrading from Identity Platform release 19.07.01 to 20.06, the SHA-1 assertion now verifies correctly.

This hotfix is required for 20.06 deployments.

20.06-2

02-Oct-2020

EE-1778

OIDC / OAuth2 Workflow Session Issue – OIDC queries in OAuth workflows now read correctly when a user has two browser tabs open when authenticating into a resource.

Install this fix if you have:

  • OIDC / OAuth2 integrations

EE-1890

Certificate Issue – For customers upgrading from Identity Platform release 19.07.01 to 20.06, the SHA-1 assertion now verifies correctly.

This hotfix is required for 20.06 deployments.

EE-1902

OIDC / OAuth 2 Issue – Fixes an issue with scope values not rendering correctly on the Post Auth tab for OpenID Connect/OAuth 2.0.

Install this fix if you have: 

  • OIDC / OAuth2 integrations

EE-1928

Authentication API Improvement – The Authentication API now supports Link-to-Accept via SMS and email as an available multi-factor method (MFA) option.

Install this hotfix if you have:

  • Authentication API enabled in the API tab

  • Link-to-Accept enabled in the Classic UI experience

20.06-1

11-Sep-2020

EE-1196

Realm List Display Issue – Classic administration realm navigation bar repositions incorrectly after save.

EE-1524

Azure AD UPN Domain Check – Resolves issue with unnecessary uppercase and lowercase domain name check in username.

Install this hotfix if you have:

  • Azure AD integrated with the Identity Platform

EE-1552

Push Notification Company Name – In the SecureAuth Authenticate app login request UI, the configured company name was not accurately displaying.

Install this hotfix if you have:

  • Authentication Apps enabled in a Policy OR

  • Mobile Login Requests enabled in the Multi-Factor Methods tab

  • Users employing the SecureAuth Authenticate app for authentication

EE-1600

Redirect with Token Issue – Redirect with token workflows were unsuccessful.

Install this hotfix if you have:

  • Redirect with Token configurations in the Workflow and / or Adaptive Authentication tab

EE-1607

International Phone Number Issue – Ten-digit international phone numbers were automatically being prepended with “1”, making those numbers unusable for MFA.

Install this hotfix if you have:

  • Phone MFA methods enabled in a Policy

  • Phone MFA methods enabled in the Registration Methods tab

EE-1660

Password Throttling Validation Issue – User passwords were not always validated when using the Password Throttling feature.

Install this hotfix if you have:

  • Password Throttling enabled and configured in the Workflow tab

EE-1684

Database Logging Issue – Database logs experiencing a table lock stopped writing new log entries.

Install this hotfix if you have:

  • Database logging enabled in the Logs tab

EE-1692

Chrome 404 Error on Manage Accounts Page – The Chrome browser would give a 404 error to users on the Manage Accounts (help desk) page if the page timed out and the user logged back in, whereas other browsers would redirect them back to the page after authentication.

Install this hotfix if you have:

  • Manage Accounts page configured in the Post Authentication tab

  • Users employing Chrome browser

EE-1707

Corrupted CyberArk Username – When using CyberArk for the directory credentials, the username would become corrupted during simultaneous connections.

Install this hotfix if you have:

  • CyberArk integration for the directory integration credentials on the Data tab

EE-1739

2019 Theme Not Rendering Correctly – Pages in the realm root were not rendering correctly when using the 2019 theme.

Install this hotfix if you have:

  • 2019 Theme selected in the Overview tab

  • Realm root pages configured in the Post Authentication tab

EE-1749

Admin Console Issue – Admin console may not load after reboot.

This hotfix is required for 20.06 deployments.

EE-1772

Error Verbiage Improvements – In the OAuth flow, if the authorization code ID and saved code ID did not match, the error message "this code has already been used" was displayed, which is misleading. The error message now reads "Authorization Code does not match or has already been used".

Install this hotfix if you have:

  • OIDC / OAuth2 integrations

EE-1774

Biometric Method Issue – For a Mobile Login (Push Notification) method involving any biometric as the Request Type in the Classic IdP Experience, some configuration fields are greyed out.

Install this hotfix if you have:

  • Mobile Login (Push Notification) MFA method set up to use any Biometric as the Request Type in the Multi-Factor Methods tab

EE-1781

Transformation Engine Issue – Resolves issue in which the Transformation Engine did not work correctly when used with WS-Federation.

Install this hotfix if you have:

  • Transformation Engine enabled and configured

EE-1608

Resetting IIS Settings – After making changes to IIS and then changes to the SecureAuth Web Admin, the changes made in IIS were reverted to the previous configuration.

Install this hotfix if you have:

  • Windows Auth IIS settings changed from the SecureAuth default

EE-1619

Invalid SQL Password Issue – Password data was cut off in the database when using encrypted password format, resulting in an invalid user password at login.

Install this hotfix if you have:

  • SQL data store integration

  • Password format as encrypted

EE-1680

Debug Log Cleanup – Debug logs required changes.

This hotfix is required for 20.06 deployments.

EE-1683

SecureAuth Identity Platform was not able to effectively retrieve the email address from the Azure AD data store.

Install this hotfix if you have:

  • Azure AD integrated in the Data tab

  • Email 1 property mapped to an Azure AD attribute