Skip to main content

SecureAuth RADIUS Server release notes

The version numbers here apply to the SecureAuth RADIUS Server product version.

To download the latest version of SecureAuth RADIUS, go to Product Downloads.

See also the SecureAuth RADIUS Server documentation.

Version 24.02.02

Release Date: March 8, 2024

Compatibility
  • SecureAuth RADIUS version 24.02.02 is backwards compatible with previous Identity Platform releases.

Improvements and fixes
  • SAIDP-258 – Improvements for Adaptive Authentication checks and Dynamic IP blocking in SecureAuth RADIUS.

Known issues
  • Support for the Preferred Auto-Submit Method is limited to the Admin option. It will not apply user-defined preferred MFA.

Release Date: January 22, 2024

Compatibility
  • SecureAuth RADIUS version 24.01.02 is backwards compatible with previous Identity Platform releases.

Improvements and fixes
  • RAD-781 – An error where Symbol-to-Accept authentication fails is fixed.

  • RAD-659 – An error where the UI freezes when trying to export the configuration with no Shared Secret set is fixed. Administrators now see an error page when attempting this action.

  • RAD-749 – Configuring and selecting an API Endpoint on Radius Client settings is now mandatory. Also, when disabling an API Endpoint, if there is a Enabled RADIUS Client using it, an error occurs. This fixes an issue where the Client config did not update when an IdP realm was removed.

  • Performance improvements and bug fixes

Known issues
  • Support for the Preferred Auto-Submit Method is limited to the Admin option. It will not apply user-defined preferred MFA.

Release Date: November 10, 2023

Compatibility
  • SecureAuth RADIUS version 23.11 is backwards compatible with previous Identity Platform releases.

Improvements and fixes
  • RAD-663 – Added support for the Preferred Auto-Submit Method set by an Admin in a policy. To learn more about this setting in the Identity Platform, see Automatically submit preferred MFA method.

    To enable this feature, it requires a new setting in the appliance.radius.properties file. To learn more, see the Preferred MFA property in Optional configurations.

    Note: SecureAuth RADIUS version 23.11 supports this feature only in Identity Platform release 23.07-2 or later. Take note that RADIUS still does not support knowledge-based answers (KBA), FIDO2-enabled devices, and Symantec VIP and these will still not work for Preferred Auto-Submit MFA

  • Performance improvements and bug fixes

Known issues
  • Support for the Preferred Auto-Submit Method is limited to the Admin option. It will not apply user-defined preferred MFA.

Release Date: July 31, 2023

Compatibility
  • SecureAuth Identity Platform 23.07 or later

    Important

    You must upgrade to SecureAuth RADIUS Server version 20.12.15 before you upgrade to Identity Platform release 23.07.

  • SecureAuth RADIUS version 20.12.15 is backwards compatible with SecureAuth Identity Platform releases up to 22.12

Improvements and fixes
Known issue
  • Syslog for SecureAuth RADIUS server is not working.

Release Date: September 15, 2022

Compatibility
  • SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.

  • Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.

  • Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.

  • Transactional logging requires the Identity Platform release 20.06 or later, using the /authenticated endpoint.

  • Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.

Improvements and fixes
  • RAD-647 – SecureAuth RADIUS has been rebranded to feature SecureAuth's current colors and logos.

  • RAD-677 – The check box to enable Use Client Source IP Address was wrongly excluded from the Edit RADIUS Client page UI in a previous release. The check box has been re-added.

  • RAD-680 – An error that occurs when adding Backup IdP Hosts as a comma separated list has been fixed.

  • RAD-704 – The following libraries have been updated to these versions:

    • log4j-core: 2.18.0

    • slf4j-api: 1.7.36

    • log4j-slf4j-impl: 2.18.0

    • jdk: 11.0.16.1

Release Date: May 16, 2022

Compatibility
  • SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.

  • Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.

  • Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.

  • Transactional logging requires the Identity Platform release 20.06 or later, using the /authenticated endpoint.

  • Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.

Improvements and fixes
  • RAD-613 – Set the PIN length for your end users for the PIN + OTP authentication workflow. You can set a PIN length of up to 18 digits.

    For configuration steps, see Optional configurations

  • RAD-685 – SecureAuth RADIUS supports Windows Server 2022.

Release Date: December 14, 2021

Compatibility
  • SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.

  • Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.

  • Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.

  • Transactional logging requires the Identity Platform release 20.06 or later, using the /authenticated endpoint.

  • Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.

Known issues

Release Date: December 14, 2020

Compatibility
  • SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 to 22.12.

  • Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.

  • Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.

  • Transactional logging requires the Identity Platform release 20.06 or later, using the /authenticated endpoint.

  • Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.

What's new
  • Support for link-to-accept MFA – SecureAuth RADIUS now supports the link-to-accept multi-factor authentication method. Administrators can enable end users to receive a link on a registered phone or email address, and then end users can click the link to authenticate. To learn more, see Multi-screen login workflows.

  • Added GUID to identify requests for a session – By default, SecureAuth RADIUS now adds the globally unique identifier (GUID) to the authentication API X-Request-ID header for each request made to the Identity Platform. This matches requests in SecureAuth RADIUS logs with requests in the Identity Platform log. Admins needing to search the Identity Platform log file for a specific user during the same session can do so by using the GUID. See View GUID added to the X-Request-ID header.

Improvements and fixes
  • RAD-505 – Improvements to log levels and log messages were made to the SecureAuth RADIUS server logs.

  • RAD-614 – End users can use the following special characters in user IDs: + ~ . ! @ $ % ^ & * ' _ (that is, plus sign, tilde, period, exclamation point, at sign, dollar sign, percent, caret, ampersand, asterisk, single quote, underscore).

Known issues

Release Date: October 8, 2020

What's new
  • Added security for communication between SecureAuth RADIUS Server and the Identity Platform – You can import a certificate to the RADIUS trust store to ensure secure communication between SecureAuth RADIUS and SecureAuth Identity Platform. Enabling self-signed certificates is optional. To learn more, see Import certificate in RADIUS trust store.

  • Support for high concurrency – SecureAuth RADIUS server supports high concurrency when used with the PEAP protocol. SecureAuth has tested up to 100 parallel connections to the SecureAuth RADIUS server without any connections dropping from the server.

  • Dashboard metrics for SecureAuth RADIUS Server – Dashboard metrics are available for SecureAuth RADIUS server transactions. These metrics include login information for VPNs and remote server access. View metrics by selecting Home on the left side of the Identity Platform page.

    Transactional logging requires SecureAuth Identity Platform release 20.06 or later, using the /authenticated endpoint.

Improvements and fixes
  • RAD-503 – Administrators can configure the SecureAuth Identity Platform timeout value to maximize successful login requests. This is configured in the appliance.radius.properties file. For configuration steps, see Optional configurations.

  • RAD-510 – A guidance message is displayed if a shared secret and realms are not defined for the SecureAuth RADIUS server.

  • RAD-519 – Administrators can enable Syslog logging on the SecureAuth RADIUS Server Settings page without configuration errors.

  • RAD-532 – Administrators can configure the number of Universal Datagram Protocol (UDP) threads that SecureAuth RADIUS can use to receive access-request packets. This is configured in the appliance.radius.properties file. For configuration steps, see Optional configurations.

  • RAD-533 – If SecureAuth RADIUS receives multiple simultaneous requests to create a session for the same user, duplicate requests are rejected and the following error message is logged in the log4j2.xml file: "Multiple requests to create a session for the same user arrived simultaneously. Duplicate requests were rejected; check for network issues."

    The cause might be network issues that force a load balancer or a VPN server to send requests that arrive at SecureAuth RADIUS at the same time.

  • RAD-535 – In SecureAuth RADIUS, when using the Password | Second Factor workflow with Push-to-Accept as the second factor, a push notification is sent to an end user device when they restart the authentication workflow after ignoring the first push notification.

  • RAD-556 – If your site has installed the SecureAuth RADIUS service on a separate server from the Identity Platform and the certificate authority (CA) that you have to sign your certificate is not installed in SecureAuth RADIUS trust store, you must import the certificate to the trust store. To learn more, see Import certificate to SecureAuth RADIUS trust store.

  • RAD-569 – In SecureAuth RADIUS, when using the Username | Second Factor | Password workflow with Symbol-to-Accept as the second factor, RADIUS server authenticates end users only after they input the correct symbol and password.

  • RAD-597 – Import now works on all servers when SecureAuth RADIUS already contains data and when it is empty.