SecureAuth RADIUS Server release notes

Updated May 6, 2022

The following sections describe the release highlights and enhancements, including resolved and known issues, for the SecureAuth® Identity Platform RADIUS Server.

Note the following compatibility requirements:

  • SecureAuth IdP version 9.2.x or later, or SecureAuth Identity Platform release 19.07 or later

  • Biometric face and fingerprint recognition through the SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform release 19.07 or later only.

  • Biometric fingerprint and face (iOS only) recognition require the Identity Platform release 19.07 or later, using the 2019 theme.

  • Transactional logging requires the Identity Platform release 20.06 or later, using the /authenticated endpoint.

  • Link-to-accept for SecureAuth RADIUS version 20.12 requires the Identity Platform hotfix release 19.07.01-25 or later, or release 20.06-2 or later.

Version 20.12.10

Release Date: May 16, 2022

Enhancements
  • RAD-613 – Set the PIN length for your end users for the PIN + OTP authentication workflow. You can set a PIN length of up to 18 digits.

    For configuration steps, see Install SecureAuth RADIUS Server version 20.12.

  • RAD-685 – SecureAuth RADIUS supports Windows Server 2022.

Version 20.12.07

Release Date: December 14, 2021

Known issues

Version 20.12

Release Date: December 14, 2020

What's new
  • Support for link-to-accept MFA – SecureAuth RADIUS now supports the link-to-accept multi-factor authentication method. Administrators can enable end users to receive a link on a registered phone or email address, and then end users can click the link to authenticate. To learn more, see Multi-screen login workflows.

  • Added GUID to identify requests for a session – By default, SecureAuth RADIUS now adds the globally unique identifier (GUID) to the authentication API X-Request-ID header for each request made to the Identity Platform. This matches requests in SecureAuth RADIUS logs with requests in the Identity Platform log. Admins needing to search the Identity Platform log file for a specific user during the same session can do so by using the GUID. See View GUID added to the X-Request-ID header.
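The GUID correlation described above can be scripted when both logs are exported for review. The following is an added example, not SecureAuth code: the log line layouts are constructed for illustration, and the only assumption is that each relevant line contains the GUID somewhere in it.

```python
import re
from collections import defaultdict

# GUID in canonical 8-4-4-4-12 hexadecimal form.
GUID_RE = re.compile(r"\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b")

# Constructed sample lines. The real log layouts are not shown on this page,
# so these formats are assumptions made only to exercise the join.
RADIUS_LOG = """\
2020-12-14 10:00:01 INFO user=alice request-id=3f2b8c1e-9a4d-4e7b-8c21-5d6f7a8b9c01 Access-Request received
2020-12-14 10:00:02 INFO user=alice request-id=3f2b8c1e-9a4d-4e7b-8c21-5d6f7a8b9c01 second factor sent
2020-12-14 10:00:05 INFO user=bob request-id=7c9e6679-7425-40de-944b-e07fc1f90ae7 Access-Request received
"""
IDP_LOG = """\
2020-12-14T10:00:01Z X-Request-ID: 3f2b8c1e-9a4d-4e7b-8c21-5d6f7a8b9c01 status=200
2020-12-14T10:00:02Z X-Request-ID: 3F2B8C1E-9A4D-4E7B-8C21-5D6F7A8B9C01 status=200
2020-12-14T10:00:09Z X-Request-ID: 11111111-2222-4333-8444-555555555555 status=401
"""


def index_by_guid(log_text):
    """Map each GUID (lower-cased) to the log lines that mention it."""
    index = defaultdict(list)
    for line in log_text.splitlines():
        for guid in GUID_RE.findall(line):
            index[guid.lower()].append(line)
    return index


def correlate(radius_text, idp_text):
    """Join the two logs on GUID and list GUIDs seen on one side only."""
    radius, idp = index_by_guid(radius_text), index_by_guid(idp_text)
    return {
        # Same GUID in both logs: the full trail for that session.
        "matched": {g: (radius[g], idp[g]) for g in radius.keys() & idp.keys()},
        # Sent by RADIUS but absent from the IdP log (timeout, log gap).
        "radius_only": sorted(radius.keys() - idp.keys()),
        # In the IdP log but not from this RADIUS log (other node, rotation).
        "idp_only": sorted(idp.keys() - radius.keys()),
    }


if __name__ == "__main__":
    result = correlate(RADIUS_LOG, IDP_LOG)
    for guid, (radius_lines, idp_lines) in result["matched"].items():
        print(guid, len(radius_lines), "RADIUS lines,", len(idp_lines), "IdP lines")
    print("RADIUS only:", result["radius_only"])
    print("IdP only:", result["idp_only"])
```

GUIDs are compared case-insensitively because the two systems may not log them in the same case.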

Enhancements
  • RAD-505 – Log levels and log messages in the SecureAuth RADIUS server logs were improved.

  • RAD-614 – End users can use the following special characters in user IDs: + ~ . ! @ $ % ^ & * ' _ (that is, plus sign, tilde, period, exclamation point, at sign, dollar sign, percent, caret, ampersand, asterisk, single quote, underscore).

Known issues

Version 20.06

Release Date: October 8, 2020

What's new
  • Added security for communication between SecureAuth RADIUS Server and the Identity Platform – You can import a certificate to the RADIUS trust store to ensure secure communication between SecureAuth RADIUS and SecureAuth Identity Platform. Enabling self-signed certificates is optional. To learn more, see Import certificate in RADIUS trust store.

  • Support for high concurrency – SecureAuth RADIUS server supports high concurrency when used with the PEAP protocol. SecureAuth has tested up to 100 parallel connections to the SecureAuth RADIUS server without any connections dropping from the server.

  • Dashboard metrics for SecureAuth RADIUS Server – Dashboard metrics are available for SecureAuth RADIUS server transactions. These metrics include login information for VPNs and remote server access. View metrics by selecting Home on the left side of the Identity Platform page.

    Transactional logging requires SecureAuth Identity Platform release 20.06 or later, using the /authenticated endpoint.

Enhancements
  • RAD-503 – Administrators can configure the SecureAuth Identity Platform timeout value to maximize successful login requests. This is configured in the appliance.radius.properties file. For configuration steps, see Install SecureAuth RADIUS Server version 20.12.

  • RAD-510 – A guidance message is displayed if a shared secret and realms are not defined for the SecureAuth RADIUS server.

  • RAD-519 – Administrators can enable Syslog logging on the SecureAuth RADIUS Server Settings page without configuration errors.

  • RAD-532 – Administrators can configure the number of User Datagram Protocol (UDP) threads that SecureAuth RADIUS can use to receive access-request packets. This is configured in the appliance.radius.properties file. For configuration steps, see Install SecureAuth RADIUS Server version 20.12.

  • RAD-533 – If SecureAuth RADIUS receives multiple simultaneous requests to create a session for the same user, duplicate requests are rejected and the following error message is logged in the log4j2.xml file: "Multiple requests to create a session for the same user arrived simultaneously. Duplicate requests were rejected; check for network issues."

    The cause might be network issues that force a load balancer or a VPN server to send requests that arrive at SecureAuth RADIUS at the same time.

  • RAD-535 – In SecureAuth RADIUS, when using the Password | Second Factor workflow with Push-to-Accept as the second factor, a push notification is sent to the end user's device when the user restarts the authentication workflow after ignoring the first push notification.

  • RAD-556 – If the SecureAuth RADIUS service is installed on a separate server from the Identity Platform and the certificate authority (CA) that you use to sign your certificate is not installed in the SecureAuth RADIUS trust store, you must import the certificate to the trust store. To learn more, see Import certificate in RADIUS trust store.

  • RAD-569 – In SecureAuth RADIUS, when using the Username | Second Factor | Password workflow with Symbol-to-Accept as the second factor, the RADIUS server authenticates end users only after they input the correct symbol and password.

  • RAD-597 – Import now works on all servers when SecureAuth RADIUS already contains data and when it is empty.