Hotfixes

The following lists hotfixes for the Identity Platform release 22.02.

22.02 hotfixes

Release No.

Release Date

Ref ID

Issue / Description

22.02-3

08-Aug-2022

EE-2852

SAML Update Issue – Addressed issue with updating SAML settings, which prevented data store lookups in the membership provider.

EE-2855

Digital Fingerprint (DPF) in 2019 Theme Issue – Addressed issue with browser device fingerprint sometimes not pushing out MFA.

22.02-2

30-Jun-2022

IDP-10080

FIDO2 Improvements – Improvement to the user experience to display the name of FIDO devices in the login authentication delivery method list.

IDP-10235

Enhanced SAML Consumer – Added the ability to integrate the Identity Platform as a SAML SP with Acceptto eGuardian or any third-party IdP.

IDP-10256

Data Store Test Connection Improvement – The data store integration settings now have a Test Credentials button to help test your data store connection.

Available to supported data stores in Identity Platform hybrid deployments.

IDP-10267

Account Management Issue – Addressed issue with CyberArk SQL data store profile updates through the Account Management (Help Desk) page.

IDP-10279

Endpoint Login Issue – When a user logs in locally on a workstation with a validated password that does not match their password stored in their organization's domain data store, the login screen will prompt the user for their domain password before MFA.

IDP-10290

Migration Support – Added support in the Identity Platform to migrate Classic Experience realms to the New Experience.

For more information about migrating Classic Experience realms, see Classic Experience migration to the New Experience.

IDP-10294

Username Lookup Performance Improvement – Added support for domain\username lookups in the New Experience to address performance issues.

To address performance issues with username lookups across multiple data stores, you can use the data store name as the "domain" identifier in the login string, like domain\username.

For example, if the data store name in the New Experience is acmeAD and your login username is jsmith, you would enter acmead\jsmith as the username in the login workflow.

The data store name must contain only alphanumeric characters, with no spaces or symbols.

For more information, see the knowledge base article: How to speed up logins to applications

IDP-10295

Passcode App Issue – Fixed issue where the Passcode app was not registered correctly on a desktop machine.

IDP-10296

Mobile Services Migration Issue – Addressed an Identity Platform upgrade issue with mapped OATH Tokens.

IDP-10297

TOTP Throttling Improvement – Improvement to TOTP throttling logic; cache is correctly cleared on successful login attempt.

IDP-10305

AppPool Performance Improvement – Improved AppPool performance with the Identity Platform call to SecureAuth cloud services.

IDP-10309

New Application Improvement – In the New Experience, when you create a new application, endpoint, or FIDO2 enrollment page, you can select the realm number.

IDP-10325

RBAC Configuration Issue – Addressed an issue with saving configuration changes to the role-based access control (RBAC) on the UI.

IDP-10328

Adaptive Auth Redirect Issue – Addressed issue with signature validation in SP-init redirect to a different realm.

IDP-10329

Country Code Lookup Issue – Addressed issue with the default country code on the Classic Multi-Factor Methods tab.

IDP-10330

Audit Log Update – Update in the Auth API to mask knowledge-based answers (KBA) in the Audit logs.

IDP-10343

FIDO2 Device Registration Improvement – Added support for administrators to define FIDO2 device restrictions for their end users in the global settings.

For more information about the Advanced Settings configuration, see FIDO2 WebAuthn global MFA settings.

IDP-10347

Global Aux ID Support – Added support for Global Aux IDs in the Application Manager connection settings in a new "Static Attributes" section.

IDP-10400

Digital Fingerprint Issue – Addressed issue with user agent string picking up identical digital fingerprint settings in Google Chrome and Microsoft Edge.

After applying the hotfix, this issue can still occur for a specific configuration. See this KB article for a workaround: Workaround for digital fingerprint hotfix

IDP-10401

Remove Mobile Device Issue – Addressed issue with removing mobile devices on the Account Management (Help Desk) page.

IDP-10402

Session URL Issue – EncryptUser.aspx has a ReturnURL to which it sends the encrypted user cookie after authentication. This fix allows a dynamic ReturnURL to be used when one is provided and the configured ReturnURL is left blank.

IDP-10403

Application Integration Support – Added support for unique application integrations that do not require the selection of a data store in the application integration settings.

IDP-10442

Legacy Mobile App Registration Issue – Fixed an issue where legacy SecureAuth Authenticate app mobile registrations were not showing as an MFA method.

IDP-10443

Option to Hide HID Token Button Support – Added support to optionally hide the HID token button in the Self-Service and Help Desk pages.

To use this feature, go to the Classic UI > Post Authentication tab for the Account Management Help Desk or Self-Service page configuration and set the Hard Token Button display type to Show or Hide.

IDP-10444

Proof Key for Code Exchange (PKCE) Improvement – Improved PKCE support to revoke access tokens without a client secret.

IDP-10449

FIDO2 Support – Added support to enable FIDO2 devices in the Classic Experience.