Skip to main content

Hotfixes

The following lists hotfixes for the SecureAuth® Identity Platform release 22.12.

22.12 hotfixes

Release No.

Release Date

Ref ID

Issue / Description

22.12-6

9-Aug-2023

EE-3264

OIDC Endpoint Improvement – Added improvements to consent storage for supporting multiple active tokens during introspection.

EE-3275

HID Hard Token Improvement – Added an optional serial number field for HID hard token enrollments. This is also supported in CSV file uploads.

EE-3302

Configuration Setting for ACS URL Restriction – Added a configuration setting to turn ON or OFF the ACS URL whitelist enforcement.

Important

Before you install this hotfix, see this KB article: How to establish trust for ACS redirects in SP-initiated SAML requests

22.12-5

14-Jul-2023

EE-3196

Migration Issue with Profile Datastore – Addressed issue with a SQL profile provider data store not working correctly after a Classic to New Experience realm migration.

EE-3202

Setting to Pre-Populate Username Field – Added setting to turn on or off the username autofill setting for SP-initiated login workflows.

By default, this setting is turned on. Contact Support to turn this on or off.

EE-3259

Metadata File Download – The metadata file download in the New Experience now also goes to the root of the application realm.

EE-3289

Fix for ACS URL Restriction in SAML Integration – Bug fix for ACS URL whitelist functionality related to EE-3252 in the previous 22.12-4 hotfix.

22.12-4

23-Jun-2023

EE-2557

Unhandled SecurePortal Error – Anonymous users landing on the SecurePortal would encounter an on-screen error instead of being redirected to login screen.

EE-3212

Identity Platform Upgrade Issue with Data Store – Addressed issue with edge cases around a data store that is no longer functional in the New Experience after an Identity Platform upgrade.

EE-3225

AD-LDS Password Validation Issue – Addressed issue with AD-LDS connections that use user + password workflows in the Advanced Settings (formerly Classic Experience).

EE-3230

API Calls and Push Notification Issue in Login for Windows – Added logic for stateless API calls to load balancers for push to accept in Login for Windows.

EE-3252

ACS URL Restriction in SAML Integration – Added logic to restrict incoming ACS URL in the SAML request by validating them against a whitelist.

EE-3257

Conditional Access – Added out of the box integration with Conditional Access and the Identity Platform.

To learn more, see Microsoft Conditional Access Custom Controls integration guide.

EE-3258

FIPS Compliance on User Handler Web Service Page – Added logic to make EncryptUser.aspx page compliant with FIPS.

EE-3259

Metadata File Download – The metadata file download in the New Experience now also goes to the root of the application realm.

22.12-3

21-Apr-2023

EE-3175

Realm Migration Issue – Addressed Classic to New Experience realm migration issue with case sensitivity in folder names.

EE-3201

Pre-populate Username Field Issue – Addressed bug with prefilling the username field using the querystring value for SP-initiated workflows, during the login redirect to the SecureAuth IdP.

EE-3205

Missing MFA on 2016 Theme in New Experience Applications – Addressed issue with Admin API ignoring a setting required by only the 2016 Theme for displaying all expected MFA.

EE-3207

Unhandled SecurePortal Error – Anonymous users landing on the SecurePortal would encounter an on-screen error instead of being redirected to login screen.

EE-3210

Allow Password Suppression Issue – Addressed issue with password suppression not triggering when used with symbol-to-accept MFA.

EE-3221

Auth API Issue – Added logic to better handle TOTP brute force throttling for the Auth API. Change will benefit API consumers (i.e. RADIUS) when validating TOTP for users with multiple enrollments.

22.12-2

29-Mar-2023

EE-2846

API Calls and Push Notification Issue – Added logic for stateless API calls to load balancers for push to accept.

EE-3035

Login for Endpoints Improvement – Added improvements to better handle connectivity when a service goes offline.

EE-3055

ASP.NET DB Support – Added support for the ASP.NET database to the data store integrations in the New Experience.

EE-3073

EncryptUser Issue – Addressed issue with a truncated URL in EncryptUser.aspx.

EE-3091

Submit Button in 2019 Theme Issue – Addressed issue in 2019 Theme where the Submit button was not in focus when an MFA option is selected.

EE-3093

Realm 997 cleanup – Realm 997 was previously reserved for another Identity Platform integration and thus would sync SSO with Realm 0. We've removed the integration; this ticket removes the synchronization to performs as expected if you have an application using this realm number.

EE-3098

LDAP Authentication Improvement – Added logic to make LDAP authentication over SSL/TLS more secure.

EE-3139

SVG Image Support – Added support for .svg images in Advanced Settings for Company Logo on login pages.

EE-3165

Security Issue – Added logic to improve masking of a password field in Advanced settings.

22.12-1

24-Jan-2023

EE-2684

Passcode App Update – Supports the ability to register on more than one computer.

This requires an updated version of Passcode for Windows or Passcode for Mac.

EE-2968

YubiKey HOTP Issue – Addressed issue with a login loop if a user taps their YubiKey and inadvertently clicks the Submit button.

EE-3039

New Experience Realm Issue – Addressed issue with setting up a New Experience realm without a data store configuration.

EE-3088

Support for SCIM Provisioning – Added more support for SCIM features like profile updates, group provisioning, and so on.

To learn more, see SCIM provisioning overview.