Resolved issues

The Identity Platform product release 22.02 includes the following resolved issues.

22.02 resolved issues

Ref IDs

Issue

IDP-9565

Login Delay Issue – Resolved an issue resulting in potential delays for the login page when using IWA or Transparent SSO.

Merged into this release from hotfix applied in 19.07.01-31, 20.06-8, 21.04-1 (EE-2070)

IDP-9566

AD LDS Account Unlocking Issue – Addressed an issue causing the Identity Platform to incorrectly see accounts as locked that had previously been unlocked by AD LDS.

Note

A fallback XML attribute for the lockout duration was added to the web.config. Contact Support for more information.

Merged into this release from hotfix applied in 19.07.01-31, 20.06-8, 21.04-1 (EE-2040)

IDP-9568

Adaptive Endpoint Issue – Resolved an issue causing the endpoint to incorrectly prompt for 2FA for users in an allowed group.

Merged into this release from hotfix applied in 19.07.01-31, 20.06-8, 21.04-1 (EE-1972)

IDP-9569

Error Handling Improvement – Added additional logic to better manage errors that occur when using the API OTP validate endpoint.

Merged into this release from hotfix applied in 19.07.01-31, 20.06-8, 21.04-1 (EE-1855)

IDP-9604

Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-2 (EE-1947 / EE-2265)

IDP-9606

Password Throttling API Response Message – Added additional clarification to the password throttling API response message.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-1 (EE-1652)

IDP-9609

OIDC Issue – Added logic to better handle login prompts.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-1 (EE-2120)

IDP-9610

IPv6 Address Handling Improvement – Enhanced ability to better manage IPv6 addresses.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-1 (EE-2077)

IDP-9622

Performance Issue Update – Enhancement to an earlier hotfix for this issue. Better exception handling to improve system performance during login and enrollment workflows.

Merged into this release from hotfix applied in 19.07.01-29, 21.04-1 (EE-2039)

IDP-9643

OpenID Connect Scopes Issue – Resolved an issue with OpenID scope values not rendering correctly for OIDC Authorizations.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-1 (EE-2116)

IDP-9644

Default MFA Delivery Options Improvement – Added logic so that the first MFA option on the list is always selected by default.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-1 (EE-2106)

IDP-9645

Content and Localization Issue – Addressed issue where edits in the verbiage editor did not show up on the Logout.aspx page.

Merged into this release from hotfix applied in 20.06-9, 21.04-1 (EE-2029)

IDP-9665

SAML OneTimeUse Condition Support – Added support for the SAML OneTimeUse condition.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-2 (EE-1814)

IDP-9666

SAML Assertion Update – Added support for FriendlyName user attribute.

Using the FriendlyName user attribute requires the following application setting in the web.config:

<add key="ExtendedSAMLAttrXXFriendlyName" value="YourFriendlyName" />

where XX is a number between 1 and 10 associated with the attribute.

For Identity Platform cloud deployments, contact Support to update your web.config.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-2 (EE-1969)

IDP-9675

WebServices Timeout Issue – Added logic to optimize timeout values for profile lookups.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-2 (EE-2253)

IDP-9676

Added New Response Times to Audit Logs – Addressed issue to include OTP response times in audit logs.

Merged into this release from hotfix applied in 19.07.01-32, 20.06-9, 21.04-2 (EE-2092)

IDP-9685

Migration Support – Added migration support for complex use cases for upgrade customers using push tokens and TOTP in mobile services.

For more information, see SecureAuth mobile services and contact Support.

Merged into this release from hotfix applied in 21.04-2 (EE-2304)

IDP-9711

International Phone Format Issue – Addressed an issue that affected some international phone number formats.

Merged into this release from hotfix applied in 19.07.01-32, 21.04-2 (EE-2251)

IDP-9869

Account Update Issue – Addressed an issue that affected the Account Update page when using a Web Service (Multi-Datastore) with Windows SSO.

Merged into this release from hotfix applied in 20.06-10, 21.04-3 (EE-2221)

Web Service (Multi-Datastore) Realm Issue – Addressed login issues using TOTP OATH token with Google Authenticator.

Merged into this release from hotfix applied in 20.06-10, 21.04-3 (EE-2337)

IDP-9872

Email Template Support – Reinstate support to customize email templates in the Identity Platform for cloud deployments.

Merged into this release from hotfix applied in 19.07.01-33, 20.06-11, 21.04-3 (EE-2248)

IDP-9873

Password Reset Support – Added support to unlock account first on the Password Reset page and then redirect users to reset their password.

Merged into this release from hotfix applied in 20.06-10, 21.04-3 (EE-2326)

IDP-9874

SAML Flow Issue – Addressed issue in which the SAML assertion strips out the OIDC request.

Merged into this release from hotfix applied in 21.04-3 (EE-2393)

IDP-9916

JSON Web Token Support – Added support for iat (issued at) attribute.

Merged into this release from hotfix applied in 9.3.0-24, 19.07.01-34, 20.06-11, 21.04-5 (EE-2438)

IDP-9928

2019 Theme Issue – Reinstate support in the Classic Experience Web Admin for the URL links to Forgot Username, Forgot Password, and Restart Login pages for the 2019 Theme.

Merged into this release from hotfix applied in 19.07.01-33, 20.06-10, 21.04-3 (EE-2331)

IDP-9929

OIDC Issue – Added logic to better handle double logins in use cases where the user clicks Submit, and presses Enter.

Merged into this release from hotfix applied in 19.07.01-33, 20.06-11, 21.04-4 (EE-2261)

IDP-9931

Mobile Authentication – Fixed issue where an extra comma was incorrectly added to a payload file.

Merged into this release from hotfix applied in 19.07.01-33, 20.06-10, 21.04-3 (EE-2121)

IDP-9932

Identity Management API Issue – Addressed issue with Identity Management (IDM) API failure to create user in the Identity Store.

Merged into this release from hotfix applied in 21.04-5 (EE-2350)

IDP-10010

Password Reset Improvement – Improvement to self-service password reset functionality for a specific use case.

Merged into this release from hotfix applied in 20.06-11, 21.04-5 (EE-1968)

IDP-10012

Web Admin UI Issue – Addressed issue with the Test Connection button on the Data tab.

Merged into this release from hotfix applied in 9.3.0-24, 19.07.01-33, 20.06-11, 21.04-4 (EE-2345)

IDP-10049

2019 Theme Issue – Addressed display issue in 2019 Theme for the OIDCEndSession.aspx page.

Merged into this release from hotfix applied in 19.07.01-34, 20.06-12, 21.04-6 (EE-2475)

IDP-10054

SQL Database Log Improvement – Improve null handling for SQL database logs.

Merged into this release from hotfix applied in 19.07.01-34, 20.06-12, 21.04-5 (EE-2469)

IDP-10056

Adaptive Group Check Issue – Addressed issue to ensure that the adaptive group check is correctly performed after an invalid password attempt.

Merged into this release from hotfix applied in 19.07.01-34, 20.06-12, 21.04-5 (EE-2443)

IDP-10058

Public / Private Mode Issue – Addressed an issue to ensure the system honors a change to the public/private mode setting in the Classic Experience.

Merged into this release from hotfix applied in 20.06-12, 21.04-5 (EE-2477)

IDP-10059

Custom Token Value Support – New option to Base64 encode the custom token value.

Merged into this release from hotfix applied in 19.07.01-34, 20.06-12, 21.04-5 (EE-2043)

IDP-10075

SQL Connection String Update Issue – Addressed issue with SQL data store not reflecting the updated connection string.

IDP-10076

Login for Windows Authentication Issue – Fixed issue where HOTP device did not work correctly for API authentication in Login for Windows.

Merged into this release from hotfix applied in 21.04-6 (EE-2540)

IDP-10093

Webservice Profile Lookup Issue – Addressed issue causing removal of profile data. The following describes this issue in more detail.

A rare scenario occurs in the web service when the lookup for a user's membership succeeds, and in the same request, the profile lookup times out. The user does not receive an error and it allows the user to proceed in the login workflow.

If the login workflow included a multi-factor method (MFA), a different error message would display, related to not finding any MFA in the user's profile.

If the login workflow is only username and password, then the login would succeed and save an empty profile for the user. This issue clears all writable values in the user profile.

This issue first occurred after a previous hotfix (EE-2253) to reduce the web service timeout to a reasonable value (5 seconds).

Web service timeouts usually occur when the login to a realm has been idle for too long and suspends itself.

The hotfix prevents the user profile from clearing out by not allowing the user to continue in the current login request during a timeout. If the timeout is due to an idle realm, the second attempt normally succeeds and the user can continue the login workflow.

Merged into this release from hotfix applied in 19.07.01-34, 20.06-12, 21.04-6 (EE-2181)

IDP-10097

Proof Key for Code Exchange (PKCE) Improvement – Improve PKCE support to allow Refresh Token use without the client_secret.

Merged into this release from hotfix applied in 19.07.01-34, 20.06-12, 21.04-5, 21.04-6 (EE-2469)
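
The failure mode described under IDP-10093, as an added illustration in Python (not SecureAuth code; the class names, function names and sample data are hypothetical and constructed for this example). It contrasts a login that treats a profile lookup timeout as an empty profile and writes it back with one that stops the current request on timeout, so the retry finds the profile intact.

```python
class ProfileLookupTimeout(Exception):
    """Raised when the simulated web service exceeds its timeout."""


class DataStore:
    """Constructed in-memory stand-in for a web service data store."""

    def __init__(self, profiles, timeouts_remaining=0):
        self.profiles = profiles
        self.timeouts_remaining = timeouts_remaining  # 1 = idle realm waking up

    def get_membership(self, user):
        return user in self.profiles

    def get_profile(self, user):
        if self.timeouts_remaining > 0:
            self.timeouts_remaining -= 1
            raise ProfileLookupTimeout(user)
        return dict(self.profiles[user])

    def save_profile(self, user, profile):
        self.profiles[user] = dict(profile)


def login_before_fix(store, user):
    """Defect as described: a timeout is silently treated as an empty profile."""
    if not store.get_membership(user):
        return "denied"
    try:
        profile = store.get_profile(user)
    except ProfileLookupTimeout:
        profile = {}                    # fail open: no error reaches the user
    store.save_profile(user, profile)   # write-back clears the stored values
    return "success"


def login_after_fix(store, user):
    """Hotfix as described: the current login request stops on a timeout."""
    if not store.get_membership(user):
        return "denied"
    try:
        profile = store.get_profile(user)
    except ProfileLookupTimeout:
        return "retry"                  # fail closed: nothing is written
    store.save_profile(user, profile)
    return "success"


def sample_store():
    # Constructed sample data; the first profile lookup will time out.
    return DataStore({"alice": {"phone": "+1 555 0100", "email": "a@example.test"}}, 1)
```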