Skip to main content

Hotfixes

The following lists hotfixes for the SecureAuth® Identity Platform release 23.07.

23.07 hotfixes

Release No.

Release Date

Ref ID

Issue / Description

23.07-8

10-May-2024

EE-3417

Performance Issue – Fixed data store loading issues in New Experience applications.

23.07-7

18-Apr-2024

EE-3403

IWA Fallback Improvement – This update ensures that the username field is selected by default when falling back to the forms-based authentication page.

EE-3418

Debug Logs Update – Security update to prevent sensitive information about SQL service accounts in debug logs for SQL connections created in the New Experience.

EE-3423

Help Desk Page Issue – Addressed an issue with apostrophe handling in GET User requests for Help Desk pages.

23.07-6

15-Mar-2024

EE-3414

SecureAuth Auth API Update – Improvements in the SecureAuth API to support Dynamic IP blocking. SecureAuth RADIUS now supports consuming this new change.

See the SecureAuth RADIUS release notes for the latest update.

23.07-5

16-Feb-2024

EE-3380

CyberArk Username Issue – Addressed issue with not saving the CyberArk username in the Advanced Settings (on the Data tab for Datastore connection settings).

EE-3382

Single User Logout URL Issue – Added logic to the metadata for the single logout service URL.

EE-3385

ASP.NET Issue – Added improvement to async in ASP.NET targeting dynamic IP blocking.

EE-3391

Authentication Issue – Addressed an issue with random authentication errors.

EE-3393

Hardstop Verbiage Customization – Added key to allow customization of the "Hardstopped by Analyze Engine" message.

To add the new hardstop_message key , you must use the "Update Resource" function on the updatewebconfig page.

IDP-12279

AppSetting to Extend SAML Attribute Limit – Added the ability to extend the SAMLAttrCountLimit appsetting value to more than the default 10 attributes in a SAML assertion.

You can change the SAMLAttrCountLimit value to a number greater than 10. Then, you must include the following appsetting values for each additional attribute.

string attributeName = Tools.ReadAppSettings("SAMLAttr" + i + "Name"); 
string attributeFriendlyName = Tools.ReadAppSettings("SAMLAttr" + i + "FriendlyName"); 
string attributeFormat = Tools.ReadAppSettings("SAMLAttr" + i + "Format"); 
string samlAttributeValue = Tools.ReadAppSettings("SAMLAttr" + i + "Value"); 
string matchExpression = Tools.ReadAppSettings("SAMLAttr" + i + "FilteredGroup");

Note: At this time, this is a manual setting. There will be a UI update coming in a future hotfix.

EE-3411

Include OATHOTP.aspx Page – This new post-authentication page will generate the TOTP for all the user’s enrolled devices.

IDP-12309

Level of Assurance (LOA) Provider – We've integrated a machine-learning based Assurance Provider to analyze login patterns of users. It generates a Level of Assurance (LOA) confidence score for each user. The LOA score helps decide whether to increase or decrease user friction at the time of login.

To learn more about configuring and using LOA, see SecureAuth Level of Assurance (LOA) Provider settings.

23.07-4

8-Jan-2024

EE-1730, EE-3373

Security Issue – Security improvements for managing UserExchange Web Service for Custom application integrations.

EE-2542

OIDC Realm Issue – Addressed issue for an edge case between OIDC Consent + Windows SSO + Transformation Engine.

EE-3252

AppSetting for ACS URL Restriction – Added missing <appSetting> for the ACS URL Restriction.

This relates to EE-3302 in the 23.07-1 hotfix.

EE-3361

Update Web.Config Issue – Added logic to preserve unique modifications running the update for the web.config file.

EE-3375

Updates to Send FIDO2 Confirmation Email – Updates include logging enhancement, and a resource field for the replyDisplayName for the email output.

This relates to EE-3359 in the 23.07-2 hotfix.

23.07-3

8-Dec-2023

EE-3360

AD LDS Data Store Issue – Addressed a test connection issue for the AD LDS data store in the New Experience.

EE-3362

SMS Issue with OTP – Addressed an issue where OTPs were sent as voice messages instead of SMS. This happened when using Voice/SMS combo option for Phone MFA method in themes 2013 and 2016 Light.

23.07-2

17-Nov-2023

EE-3292

Transparent Single Sign-On Issue – Addressed an issue when using custom token user data with a comma which invalidated the TSSO. We utilized the existing Delimiter setting to allow adjustments to parsing the cookie data with a delimiter known not to clash with user data.

EE-3317

CyberArk Credentials Issue – Addressed issue with not being able to save the CyberArk Vault username in the Advanced Settings.

EE-3318

MFA Method Order Improvement – Added improvement to retain the RegMethodOrder value in the web.config after you make a change in the New Experience.

After installing the hotfix, to apply this update, adjust each policy. Simply tweak a setting in each policy, save, revert, then save again.

EE-3359

Send FIDO2 Confirmation Email – Added a configuration setting to send a confirmation email to end users when they enroll or remove a FIDO2 authenticator in their profile.

To learn more about configuring this setting, see How to send a confirmation email about a FIDO2 device

IDP-11867

Support for Preferred MFA in RADIUS 23.11 – Added support for the Preferred Auto-Submit Method set by an Admin in a policy.

To learn more about Preferred MFA for RADIUS, see SecureAuth RADIUS version 23.11 release notes.

23.07-1

22-Sep-2023

EE-3139

SVG Image Support – Added support for .svg images in Advanced Settings for Company Logo on login pages.

EE-3196

Migration Issue with Profile Datastore – Addressed issue with a SQL profile provider data store not working correctly after a Classic to New Experience realm migration.

Hotfix merge into this release (EE-3202)

Setting to Pre-Populate Username Field – Added setting to turn on or off the username autofill setting for SP-initiated login workflows.

By default, this setting is turned on. Contact Support to turn this on or off.

EE-3257

Conditional Access – Added out of the box integration with Conditional Access and the Identity Platform.

To learn more, see Microsoft Conditional Access Custom Controls integration guide.

EE-3258

FIPS Compliance on User Handler Web Service Page – Added logic to make EncryptUser.aspx page compliant with FIPS.

EE-3259

Metadata File Download – The metadata file download in the New Experience now also goes to the root of the application realm.

EE-3275

HID Hard Token Improvement – Added an optional serial number field for HID hard token enrollments. This is also supported in CSV file uploads.

EE-3288

2016 Light Theme Issue – Username + Password login workflow does not work correctly when the user enters their username and presses Enter instead of Tab to the password field.

EE-3302

Configuration Setting for ACS URL Restriction – Added a configuration setting to turn ON or OFF the ACS URL whitelist enforcement.

Important

Before you install this hotfix, see this KB article: How to establish trust for ACS redirects in SP-initiated SAML requests

EE-3320

Password Change on Disabled Accounts Issue – Addressed issue affecting disabled accounts with a Change Password on Next login setting.

EE-3335

SecureStore Issue – Addressed file locking issue with SecureStorageAPI during file sync to secondaries.