SecureAuth RADIUS Server release notes
The version numbers here apply to the SecureAuth RADIUS Server product version.
To download the latest version of SecureAuth RADIUS, go to Product Downloads.
See also the SecureAuth RADIUS Server documentation.
Version 24.07.02
Release Date: July 24, 2024
SecureAuth RADIUS version 24.07.02 is backwards compatible with previous Identity Platform releases.
SAIDP-622 – Patch update for the Blast-RADIUS vulnerability. To learn more, see SecureAuth security advisory – RADIUS vulnerability CVE-2024-3596.
Support for the Preferred Auto-Submit Method is limited to the Admin option. It will not apply user-defined preferred MFA.
Release Date: March 8, 2024
SecureAuth RADIUS version 24.02.02 is backwards compatible with previous Identity Platform releases.
SAIDP-258 – Improvements for Adaptive Authentication checks and Dynamic IP blocking in SecureAuth RADIUS.
Support for the Preferred Auto-Submit Method is limited to the Admin option. It will not apply user-defined preferred MFA.
Release Date: January 22, 2024
SecureAuth RADIUS version 24.01.02 is backwards compatible with previous Identity Platform releases.
RAD-781 – An error where Symbol-to-Accept authentication fails is fixed.
RAD-659 – An error where the UI freezes when trying to export the configuration with no Shared Secret set is fixed. Administrators now see an error page when attempting this action.
RAD-749 – Configuring and selecting an API Endpoint on Radius Client settings is now mandatory. Also, when disabling an API Endpoint, if there is a Enabled RADIUS Client using it, an error occurs. This fixes an issue where the Client config did not update when an IdP realm was removed.
Performance improvements and bug fixes
Support for the Preferred Auto-Submit Method is limited to the Admin option. It will not apply user-defined preferred MFA.
Release Date: November 10, 2023
SecureAuth RADIUS version 23.11 is backwards compatible with previous Identity Platform releases.
RAD-663 – Added support for the Preferred Auto-Submit Method set by an Admin in a policy. To learn more about this setting in the Identity Platform, see Automatically submit preferred MFA method.
To enable this feature, it requires a new setting in the
appliance.radius.properties
file. To learn more, see the Preferred MFA property in Optional configurations.Note: SecureAuth RADIUS version 23.11 supports this feature only in Identity Platform release 23.07-2 or later. Take note that RADIUS still does not support knowledge-based answers (KBA), FIDO2-enabled devices, and Symantec VIP and these will still not work for Preferred Auto-Submit MFA
Performance improvements and bug fixes
Support for the Preferred Auto-Submit Method is limited to the Admin option. It will not apply user-defined preferred MFA.
Release Date: July 31, 2023
SecureAuth Identity Platform 23.07 or later
Important
You must upgrade to SecureAuth RADIUS Server version 20.12.15 before you upgrade to Identity Platform release 23.07.
SecureAuth RADIUS version 20.12.15 is backwards compatible with SecureAuth Identity Platform releases up to 22.12
RAD-661– Optional configuration for HTTPS. To learn more, see Optional configurations.
RAD-689 – New SecureAuth RADIUS Diagnostic Tool. To learn more about the tool, see SecureAuth RADIUS Diagnostic Tool.
RAD-720 – Added support for multiple IPs for RADIUS clients. To learn more, see How the SecureAuth RADIUS server processes rules.
Performance improvements and bug fixes
Syslog for SecureAuth RADIUS server is not working.
Release Date: September 15, 2022
SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.
Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.
Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.
Transactional logging requires the Identity Platform release 20.06 or later, using the
/authenticated
endpoint.Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.
RAD-647 – SecureAuth RADIUS has been rebranded to feature SecureAuth's current colors and logos.
RAD-677 – The check box to enable Use Client Source IP Address was wrongly excluded from the Edit RADIUS Client page UI in a previous release. The check box has been re-added.
RAD-680 – An error that occurs when adding Backup IdP Hosts as a comma separated list has been fixed.
RAD-704 – The following libraries have been updated to these versions:
log4j-core: 2.18.0
slf4j-api: 1.7.36
log4j-slf4j-impl: 2.18.0
jdk: 11.0.16.1
Release Date: May 16, 2022
SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.
Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.
Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.
Transactional logging requires the Identity Platform release 20.06 or later, using the
/authenticated
endpoint.Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.
RAD-613 – Set the PIN length for your end users for the PIN + OTP authentication workflow. You can set a PIN length of up to 18 digits.
For configuration steps, see Optional configurations
RAD-685 – SecureAuth RADIUS supports Windows Server 2022.
Release Date: December 14, 2021
SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.
Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.
Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.
Transactional logging requires the Identity Platform release 20.06 or later, using the
/authenticated
endpoint.Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.
Apache Log4j vulnerability – On December 14, 2021, SecureAuth released a RADIUS Server fix to address potential threats caused by the Apache Log4j vulnerability. Download this fix from the SecureAuth Product Downloads page.
To learn more about the Apache Log4j vulnerability and SecureAuth's response to it, see SecureAuth security advisory – Apache Log4j vulnerability.
Release Date: December 14, 2020
SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.
Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.
Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.
Transactional logging requires the Identity Platform release 20.06 or later, using the
/authenticated
endpoint.Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.
Support for link-to-accept MFA – SecureAuth RADIUS now supports the link-to-accept multi-factor authentication method. Administrators can enable end users to receive a link on a registered phone or email address, and then end users can click the link to authenticate. To learn more, see Multi-screen login workflows.
Added GUID to identify requests for a session – By default, SecureAuth RADIUS now adds the globally unique identifier (GUID) to the authentication API X-Request-ID header for each request made to the Identity Platform. This matches requests in SecureAuth RADIUS logs with requests in the Identity Platform log. Admins needing to search the Identity Platform log file for a specific user during the same session can do so by using the GUID. See View GUID added to the X-Request-ID header.
RAD-505 – Improvements to log levels and log messages were made to the SecureAuth RADIUS server logs.
RAD-614 – End users can use the following special characters in user IDs: + ~ . ! @ $ % ^ & * ' _ (that is, plus sign, tilde, period, exclamation point, at sign, dollar sign, percent, caret, ampersand, asterisk, single quote, underscore).
Apache Log4j vulnerability – On December 14, 2021, SecureAuth released a RADIUS Server fix to address potential threats caused by the Apache Log4j vulnerability. Download this fix from the SecureAuth Product Downloads page.
To learn more about the Apache Log4j vulnerability and SecureAuth's response to it, see SecureAuth security advisory – Apache Log4j vulnerability.
Release Date: October 8, 2020
Added security for communication between SecureAuth RADIUS Server and the Identity Platform – You can import a certificate to the RADIUS trust store to ensure secure communication between SecureAuth RADIUS and SecureAuth Identity Platform. Enabling self-signed certificates is optional. To learn more, see Import certificate in RADIUS trust store.
Support for high concurrency – SecureAuth RADIUS server supports high concurrency when used with the PEAP protocol. SecureAuth has tested up to 100 parallel connections to the SecureAuth RADIUS server without any connections dropping from the server.
Dashboard metrics for SecureAuth RADIUS Server – Dashboard metrics are available for SecureAuth RADIUS server transactions. These metrics include login information for VPNs and remote server access. View metrics by selecting Home on the left side of the Identity Platform page.
Transactional logging requires SecureAuth Identity Platform release 20.06 or later, using the /authenticated endpoint.
RAD-503 – Administrators can configure the SecureAuth Identity Platform timeout value to maximize successful login requests. This is configured in the
appliance.radius.properties
file. For configuration steps, see Optional configurations.RAD-510 – A guidance message is displayed if a shared secret and realms are not defined for the SecureAuth RADIUS server.
RAD-519 – Administrators can enable Syslog logging on the SecureAuth RADIUS Server Settings page without configuration errors.
RAD-532 – Administrators can configure the number of Universal Datagram Protocol (UDP) threads that SecureAuth RADIUS can use to receive access-request packets. This is configured in the
appliance.radius.properties
file. For configuration steps, see Optional configurations.RAD-533 – If SecureAuth RADIUS receives multiple simultaneous requests to create a session for the same user, duplicate requests are rejected and the following error message is logged in the log4j2.xml file: "Multiple requests to create a session for the same user arrived simultaneously. Duplicate requests were rejected; check for network issues."
The cause might be network issues that force a load balancer or a VPN server to send requests that arrive at SecureAuth RADIUS at the same time.
RAD-535 – In SecureAuth RADIUS, when using the Password | Second Factor workflow with Push-to-Accept as the second factor, a push notification is sent to an end user device when they restart the authentication workflow after ignoring the first push notification.
RAD-556 – If your site has installed the SecureAuth RADIUS service on a separate server from the Identity Platform and the certificate authority (CA) that you have to sign your certificate is not installed in SecureAuth RADIUS trust store, you must import the certificate to the trust store. To learn more, see Import certificate to SecureAuth RADIUS trust store.
RAD-569 – In SecureAuth RADIUS, when using the Username | Second Factor | Password workflow with Symbol-to-Accept as the second factor, RADIUS server authenticates end users only after they input the correct symbol and password.
RAD-597 – Import now works on all servers when SecureAuth RADIUS already contains data and when it is empty.