Hotfixes

The following lists hotfixes for the SecureAuth® Identity Platform release 22.12.

22.12 hotfixes

Release No.

Release Date

Ref ID

Issue / Description

22.12-11

13-Mar-2024

EE-3414

SecureAuth Auth API Update – Improvements in the SecureAuth API to support Dynamic IP blocking. SecureAuth RADIUS now supports consuming this new change.

See the SecureAuth RADIUS release notes for the latest update.

22.12-10

16-Feb-2024

IDP-12309

Level of Assurance (LOA) Provider – We've integrated a machine-learning based Assurance Provider to analyze login patterns of users. It generates a Level of Assurance (LOA) confidence score for each user. The LOA score helps decide whether to increase or decrease user friction at the time of login.

To learn more about configuring and using LOA, see SecureAuth Level of Assurance (LOA) Provider settings.

22.12-9

29-Jan-2024

EE-1730, EE-3373

Security Issue – Security improvements for managing UserExchange Web Service for Custom application integrations.

EE-3375

Updates to Send FIDO2 Confirmation Email – Updates include a logging enhancement and a resource field for the replyDisplayName for the email output.

This relates to EE-3359 in the 22.12-8 hotfix.

EE-3380

CyberArk Username Issue – Addressed an issue where the CyberArk username was not saved in the Advanced Settings (on the Data tab for Datastore connection settings).

EE-3382

Single User Logout URL Issue – Added logic to the metadata for the single logout service URL.

EE-3385

ASP.NET Issue – Added improvement to async in ASP.NET targeting dynamic IP blocking.

EE-3391

Authentication Issue – Addressed an issue with random authentication errors.

22.12-8

15-Nov-2023

EE-3292

Transparent Single Sign-On Issue – Addressed an issue where custom token user data containing a comma invalidated the TSSO. We utilized the existing Delimiter setting to allow the cookie data to be parsed with a delimiter known not to clash with user data.

EE-3317

CyberArk Credentials Issue – Addressed issue with not being able to save the CyberArk Vault username in the Advanced Settings.

EE-3359

Send FIDO2 Confirmation Email – Added a configuration setting to send a confirmation email to end users when they enroll or remove a FIDO2 authenticator in their profile.

To learn more about configuring this setting, see How to send a confirmation email about a FIDO2 device.

22.12-7

2-Oct-2023

EE-3264

OIDC Endpoint Improvement – Added improvements to consent storage for supporting multiple active tokens during introspection.

Update: Added some null checks to fix issues with backward compatibility.

EE-3275

HID Hard Token Improvement – Added an optional serial number field for HID hard token enrollments. This is also supported in CSV file uploads.

Update: Improvement to append the serial number to the name of the device to display in the MFA options list.

EE-3318

MFA Method Order Improvement – Added improvement to retain the RegMethodOrder value in the web.config after you make a change in the New Experience.

After installing the hotfix, to apply this update, adjust each policy. Simply tweak a setting in each policy, save, revert, then save again.

EE-3320

Password Change on Disabled Accounts Issue – Addressed issue affecting disabled accounts with a Change Password on Next login setting.

EE-3325

Password Reset Issue – Addressed tenant upgrade issue that impacted the "Must change password on next logon" setting in cloud deployments.

22.12-6

9-Aug-2023

EE-3264

OIDC Endpoint Improvement – Added improvements to consent storage for supporting multiple active tokens during introspection.

EE-3275

HID Hard Token Improvement – Added an optional serial number field for HID hard token enrollments. This is also supported in CSV file uploads.

EE-3302

Configuration Setting for ACS URL Restriction – Added a configuration setting to turn ON or OFF the ACS URL whitelist enforcement.

Important

Before you install this hotfix, see this KB article: How to establish trust for ACS redirects in SP-initiated SAML requests

22.12-5

14-Jul-2023

EE-3196

Migration Issue with Profile Datastore – Addressed issue with a SQL profile provider data store not working correctly after a Classic to New Experience realm migration.

EE-3202

Setting to Pre-Populate Username Field – Added setting to turn on or off the username autofill setting for SP-initiated login workflows.

By default, this setting is turned on. Contact Support to turn this on or off.

EE-3259

Metadata File Download – The metadata file download in the New Experience now also goes to the root of the application realm.

EE-3289

Fix for ACS URL Restriction in SAML Integration – Bug fix for ACS URL whitelist functionality related to EE-3252 in the previous 22.12-4 hotfix.

22.12-4

23-Jun-2023

EE-2557

Unhandled SecurePortal Error – Anonymous users landing on the SecurePortal would encounter an on-screen error instead of being redirected to the login screen.

EE-3212

Identity Platform Upgrade Issue with Data Store – Addressed issue with edge cases around a data store that is no longer functional in the New Experience after an Identity Platform upgrade.

EE-3225

AD-LDS Password Validation Issue – Addressed issue with AD-LDS connections that use user + password workflows in the Advanced Settings (formerly Classic Experience).

EE-3230

API Calls and Push Notification Issue in Login for Windows – Added logic for stateless API calls to load balancers for push to accept in Login for Windows.

EE-3252

ACS URL Restriction in SAML Integration – Added logic to restrict incoming ACS URLs in SAML requests by validating them against a whitelist.

EE-3257

Conditional Access – Added out-of-the-box integration with Conditional Access and the Identity Platform.

To learn more, see Microsoft Conditional Access Custom Controls integration guide.

EE-3258

FIPS Compliance on User Handler Web Service Page – Added logic to make the EncryptUser.aspx page compliant with FIPS.

EE-3259

Metadata File Download – The metadata file download in the New Experience now also goes to the root of the application realm.

22.12-3

21-Apr-2023

EE-3175

Realm Migration Issue – Addressed Classic to New Experience realm migration issue with case sensitivity in folder names.

EE-3201

Pre-populate Username Field Issue – Addressed bug with prefilling the username field using the querystring value for SP-initiated workflows, during the login redirect to the SecureAuth IdP.

EE-3205

Missing MFA on 2016 Theme in New Experience Applications – Addressed issue with Admin API ignoring a setting required by only the 2016 Theme for displaying all expected MFA.

EE-3207

Unhandled SecurePortal Error – Anonymous users landing on the SecurePortal would encounter an on-screen error instead of being redirected to the login screen.

EE-3210

Allow Password Suppression Issue – Addressed issue with password suppression not triggering when used with symbol-to-accept MFA.

EE-3221

Auth API Issue – Added logic to better handle TOTP brute force throttling for the Auth API. This change will benefit API consumers (i.e., RADIUS) when validating TOTP for users with multiple enrollments.

22.12-2

29-Mar-2023

EE-2846

API Calls and Push Notification Issue – Added logic for stateless API calls to load balancers for push to accept.

EE-3035

Login for Endpoints Improvement – Added improvements to better handle connectivity when a service goes offline.

EE-3055

ASP.NET DB Support – Added support for the ASP.NET database to the data store integrations in the New Experience.

EE-3073

EncryptUser Issue – Addressed issue with a truncated URL in EncryptUser.aspx.

EE-3091

Submit Button in 2019 Theme Issue – Addressed issue in 2019 Theme where the Submit button was not in focus when an MFA option was selected.

EE-3093

Realm 997 cleanup – Realm 997 was previously reserved for another Identity Platform integration and thus would sync SSO with Realm 0. We've removed the integration; this ticket removes the synchronization so that the realm performs as expected if you have an application using this realm number.

EE-3098

LDAP Authentication Improvement – Added logic to make LDAP authentication over SSL/TLS more secure.

EE-3139

SVG Image Support – Added support for .svg images in Advanced Settings for Company Logo on login pages.

EE-3165

Security Issue – Added logic to improve masking of a password field in Advanced settings.

22.12-1

24-Jan-2023

EE-2684

Passcode App Update – Supports the ability to register on more than one computer.

This requires an updated version of Passcode for Windows or Passcode for Mac.

EE-2968

YubiKey HOTP Issue – Addressed issue with a login loop if a user taps their YubiKey and inadvertently clicks the Submit button.

EE-3039

New Experience Realm Issue – Addressed issue with setting up a New Experience realm without a data store configuration.

EE-3088

Support for SCIM Provisioning – Added more support for SCIM features like profile updates, group provisioning, and so on.

To learn more, see SCIM provisioning overview.