SecureAuth IdP Release Notes provide information on the features and improvements in each release. This page includes Release Notes for major releases and minor (bug fix) releases.
9.0.2 Release Notes
Released on December 19, 2016
Version 9.0.2 New Features
| Feature | Description | References |
| --- | --- | --- |
| Carrier network whitelisting / blacklisting | Allow end-users to control which carriers and countries can be sent SMS or TTS | https://docs.secureauth.com/x/xwSfAg |
| Ported phone number status and control | Allow end-users to mitigate risk on ported mobile devices | https://docs.secureauth.com/x/xwSfAg |
| Block SMS / TTS phone classes for OTP | Increase assurance to real end-users by blocking SMS or TTS delivery to risky phone types | https://docs.secureauth.com/x/xwSfAg |
| Second Factor Throttling | Allow end-users to protect against brute force and DOS attacks | https://docs.secureauth.com/x/xAmfAg |
| Send Ad Hoc OTP | Support B2C use cases in which SMS is sent to a phone number and not saved in the data store | https://docs.secureauth.com/x/sgljAg |
| Improve DFP scoring logic | More accurate DFP (device recognition), adapting to changes in browser technology | |
| Second Factor persistence | User second factor selection is persisted | |
9.0.2 Resolved Issues
| Ref ID | Issue | Description |
| --- | --- | --- |
| IDP-737 | Push or OATH not displayed as second factors for split user profile | Profile provider is not using the specified search attribute and therefore cannot decrypt Push or OATH tokens |
| IDP-755 | PIN default configuration not set | PIN setting should default to encrypt |
| IDP-916 | CSRF Vulnerability | CSRF Vulnerability appears in an IDM page |
| IDP-1079 | QR Code enrollment with IE browser throws an error | QR Code enrollment using Authenticate App produces invalid passcode error in IE, but device is registered despite error |
| IDP-1107 | Unable to login with AD-LDS data source | On some Web Admin configurations, the end-user is unable to logon when the data source is set to AD-LDS |
| IDP-1127 | User Creation fails to add user to group | When adding user via User Creation page and specifying a group, user – but not group assignment – is added to directory |
9.0.2 Known Issues
| Ref ID | Issue | Description |
| --- | --- | --- |
| IDP-17 | HTML appended to logging text file | When downloading a text log, superfluous HTML is added to the end of the log |
| IDP-85 | Appliance performance is impacted by a down Syslog Server | Appliance performance is impacted when a Syslog server (on the same subnet) is completely offline (not just the service down) |
| IDP-127 | DFP fails with Windows FIPS mode enabled | DFP fails in Windows with the FIPS mode enabled |
| IDP-218 | "Open in Browser" button is missing | Open in browser button is missing in the Web Admin when viewing a custom group |
| IDP-251 | Help Desk "Clear KBA" checkbox stays checked | 2016 Theme: Help Desk checkbox for clearing KBA / KBQ remains checked after retrieving a new user |
| IDP-256 | First time password entrance reported as "invalid" | When encrypted password (Java only) is set with Java certs in private mode, first time password is entered, system reports it as "invalid" |
| IDP-264 | Localization support in Help Desk | In the Help Desk section, many fields do not support localized language support |
| IDP-416 | Validate phone error message does not display | With the 2016 Theme applied, the error message does not appear when using a regular expression to validate a phone |
| 2444 | Wait indicator continues when creating a new realm | Wait indicator (spinner) remains on the screen after the process is completed |
| 2671 | Default verbiage usage | Custom English verbiage is not used when the end-user is using a language unsupported by SecureAuth IdP |
| 2672 | Inline Password: Password Complexity instructions' visibility | With the 2016 Theme applied, Inline Password Password Complexity instructions do not display if requirements are not met – appears only for a workflow with Username and Password on the same page |
| 2673 | Password must be entered twice | For an inline password change, if Username and Password are on the same page, end-user must enter password twice |
| 2707 | Submit button malfunctions on an Android mobile browser | With the 2016 Theme applied, the Submit button does not work on an Android mobile browser for specific Android devices |
| 2721 | eDirectory Profile field data loss | On the Web Admin, data is lost when the admin tries to save a page before the page is finished loading |
| 2808 | Help Desk – "Locked" status inaccuracy | On the Help Desk page, the Lock status is inaccurate when using an ASP.NET datastore |
| 2840 | "Cache Lockout Duration" field not saved | Time-based Passcodes (OATH) Cache Lockout Duration field does not retain a new value |
9.0.1 Release Notes
Released on August 24, 2016
Version 9.0.1 New Features
| Feature | Description | References |
| --- | --- | --- |
| Role-based Access Control (RBAC) | Enables admins to provide delegated access to specific users based on LDAP directory groups. | https://docs.secureauth.com/x/lwiLAg |
| Screen Reader Tags to User Facing Pages | Added to improve accessibility for all elements of user facing pages. | |
| CyberArk Password Vault Directory Integration | Provides the support of CyberArk AIM privileged account vaulting for administrative accounts used in Web Admin. | https://docs.secureauth.com/x/WwNjAg |
| SailPoint Adaptive Authentication Engine Integration | Enables Adaptive Authentication function leveraging risk scoring mechanism from SailPoint appliances (take action based on score). | https://docs.secureauth.com/x/7QiLAg |
| Exabeam Adaptive Authentication Engine Integration | Enables Adaptive Authentication function leveraging risk scoring mechanism from Exabeam appliances (take action based on score). | https://docs.secureauth.com/x/5giLAg |
| Label Update in Web Admin | Renamed labels to more easily understand functionality. | https://docs.secureauth.com/x/nQiLAg |
| Organization Taxonomy Update in Web Admin | Reorganized menu structure of certain locations in the Web Admin. | https://docs.secureauth.com/x/nQiLAg |
| QR Code Registration OATH Seed and Token Mode Support | Enhanced support for both TOTP seed modes with QR registration. | https://docs.secureauth.com/x/E4JsAg |
| SecureAuth IdP Setup Utility (SISU) Enhancements | Added ability to select which SecureAuth IdP version to download. | https://docs.secureauth.com/x/hApjAg |
| WS-Federation Version and SHA Toggles | Enables admins to manually set WS-Federation settings. | |
| TLS 1.0 Default Disablement | Disables TLS 1.0 at the appliance level to increase security. | |
| Removal of Deprecated Post Authentication Pages | Deprecated Post Authentication pages are no longer available to select in realms. | |
9.0.1 Resolved Issues
| Ref ID | Issue | Description |
| --- | --- | --- |
| 1805 | PIN field repopulation after cleared by user | PIN field re-populates after being cleared by the user, but content for that field in the data store is deleted. |
| 1905 | Login "Submit" button is disabled | 2016 Theme: When Java detection is set to False, the "Submit" button becomes disabled. |
| 1954 | Template Wizard hangs when test link is clicked | A realm configured using the template wizard hangs when the test link is clicked. |
| 1959 | "Back" button error on Update or Decrypt web.config pages | User receives a server error message when the "Back" button is clicked from updatewebconfig.aspx or decryptwebconfig.aspx page. |
| 2258 | Adaptive Authentication: unable to save "Disable" Failure Action | Unable to save "Disable" as failure action depending on the order of the Adaptive Authentication factors. |
| 1939 | Password Unlock page does not display correct password status | PasswordReset.aspx: Unlock account status always 'Normal' (can't tell if account is locked). |
| 1943 | Audit logging to Database failure | Audit log entries failed to write to database target. |
| 1966 | API Web Admin page does not save when copying from another realm | Changes to API configuration were not saved to additional realms. |
| 1967 | Wrong menu tab highlighted on the web.config Editor page | Menu items selected in web admin were not always highlighted correctly on the menu bar. |
| 2038 | App links not working on QR code screen | In mobile app QR registration page, links to mobile stores did not work. |
| 2089 | Missing Resx key in code for QR page | Resx "configurable text" missing in mobile app QR registration page. |
| 2268 | JWT signature incorrect size | The signature generated inside the JWT of the OpenID Connect assertion is 128 byte, not 256 byte. |
| 2418 | "Submit" button malfunction with Java Detection set to "False" | When Client Side Control is set to Java and Java Detection is set to False, the "Submit" button does not function. |
| 2471 | Password requirements improperly displayed | Password requirements do not display properly when in in-line password change on 2016 theme. |
| 2520 | "Allowed Groups" in profile provider not saved | When selecting SQL Server, "Allowed Groups" value does not save. |
| 2785 | Create Realm from Template AWS failure | Create new realm from AWS template fails with error: Conversion from type 'Guid' to type 'String' is not valid. |
9.0.1 Known Issues
| Ref ID | Issue | Description |
| --- | --- | --- |
| 811 | HTML appended to logging text file | When downloading a text log, superfluous HTML is added to the end of the log. |
| 1273 | DFP fails with Windows FIPS mode enabled | DFP fails in Windows with the FIPS mode enabled. |
| 1283 | Appliance performance impacted by down Syslog Server | Appliance performance is impacted when a Syslog server (on the same subnet) is completely offline (not just the service down). |
| 2106 | First time password entrance reported as "invalid" | When encrypt password (java only) is set, and java certs in private mode, the first time a password is entered, the system reports it as "invalid". |
| 2109 | Validate phone error message not displayed | 2016 Theme: error message does not appear using regular expression to validate phone. |
| 2120 | "Open in Browser" button missing | Open in browser button missing in web admin when viewing custom group. |
| 2145 | Help Desk "Clear KBA" checkbox stays checked | 2016 Theme: Help desk checkbox for clearing KBA/KBQ remains checked after getting a new user. |
| 2253 | Localization support in Help Desk | In Help Desk many fields do not support localized language support. |
| 2444 | Wait indicator continues when creating new realm | Wait indicator (spinner) remains on screen after process has completed. |
| 2671 | Default verbiage usage | Custom English verbiage is not used when a user is using a language not supported by IdP. |
| 2672 | Inline Password: Password Complexity instructions' visibility | 2016 Theme: Inline Password Password Complexity instructions do not display upon not meeting requirements (only for Username & PW same page workflow option). |
| 2673 | Password must be entered twice | Username and password are on same page with inline password change, user must enter password two times. |
| 2707 | "Submit" button malfunction on Android mobile browser | 2016 Theme: "Submit" button does not work when using Android mobile browser with specific Android devices. |
| 2721 | eDirectory Profile field data loss | In Web Admin, user saving page before page finishes loading causes loss of data. |
| 2784 | Create Realm from Template SuccessFactor failure | Create realm from Template-SuccessFactors results in error: "Site has not been created, please check the sslsn in the web.config of the templates folder." |
| 2808 | Help Desk – "Locked" status inaccuracy | Lock status is inaccurate in Helpdesk when using ASP.net datastore. |
| 2840 | "Cache Lockout Duration" field not saved | Time-based Passcodes (OATH) Cache Lockout Duration field does not retain new value. |
9.0.0 Release Notes
Released on April 29, 2016
Version 9.0.0 New Features
| Feature | Description | References |
| --- | --- | --- |
| Behavioral Biometrics API | Behavioral Biometrics detects and monitors keystroke dynamics and cursor movements to build a user-specific profile. Characteristics in the user profile can be used for identification when validating credentials that may have been compromised: for example, if a bad actor attempts to access an app on a valid user's unattended desktop. This technology can be added to existing in-house applications, along with other adaptive technologies such as SecureAuth Device Recognition (Device Fingerprinting), to provide end-users strong authentication with little or no impact to the end-user. | https://docs.secureauth.com/x/_IBsAg |
| Identity Management API | The new IdM API exposes the power of SecureAuth IdP IdM capabilities, providing tools for password reset, user creation, and user profile updates in an API. | https://docs.secureauth.com/x/qYBsAg |
| QR Code SecureAuth Authenticate Mobile App registration support | QR Code lets end-users register the SecureAuth Authenticate mobile app by scanning a QR code versus entering a URL on a mobile phone and registering the embedded browser. Using QR Code simplifies the end-user onboarding process and streamlines the end-user experience. This feature requires the use of SecureAuth Authenticate 4.3 for iOS and Android. | https://docs.secureauth.com/x/E4JsAg |
| QR Code OTP support for Google Authenticator | QR Code provides a new registration method to enable customers using Google Authenticator and other TOTP apps to now use Google Authenticator instead of the SecureAuth Authenticate application for time-based one-time passcodes. Note: Google Authenticator does not support Push Notification passcodes or Push-to-Accept (Mobile Login Requests). | https://docs.secureauth.com/x/E4JsAg |
| SIEM integration (CEF and LEEF support) | Valuable data generated by SecureAuth IdP can now be fed to an existing IBM and HP SIEM, since support has been added for CEF and LEEF logging standards. CEF is the HP standard commonly used with the HP ArcSight product. LEEF is the IBM standard commonly used with the IBM QRadar product. | https://docs.secureauth.com/x/NApjAg |
| LDAP performance improvements | The Open LDAP provider has been optimized, resulting in improved performance particularly when used with virtual directory servers. | |
| Password Reset enhancements | Additional features and capabilities have been added to the Password Reset functionality, providing the administrator extra options and configurability. | https://docs.secureauth.com/x/KApjAg |
| Admin console changes to improve security and usability | The launch screen has been consolidated with new "Tools" menu item added and the "Show Password" option removed. | https://docs.secureauth.com/x/iApjAg |
| OpenID Connect support enhancements | OpenID Connect now supports JSON Web Token encryption. | https://docs.secureauth.com/x/MQpjAg |
| OAuth 2.0 support enhancements | OAuth 2.0 now supports flows for: | https://docs.secureauth.com/x/MQpjAg |
| OTP security enhancements | To improve security, each failed OTP attempt now results in an increased delay for each retry. | |
| New Logout page | The new Logout page (logout.aspx) can be used in place of the existing Restart page (restart.aspx) for SAML (SP configured – SAML Logout URL). This new page will avoid looping back to authentication when the end-user logs out of the SAML application. | |
| Additional browser recognition | Additional browser version identification has been included for Device / Browser Fingerprinting. | |
9.0.0 Resolved Issues
| Ref ID | Issue | Description |
| --- | --- | --- |
| 1245 | TOTP entry fails if spaces are included | Checked for spaces and sanitized TOTP input |
| 1289 | An expired license prevents web.admin access | License expiration prevented access to web.admin |
| 1292 | License expiration message is not clear | Changed license expiration message to be more descriptive |
| 1309 | Password expiration reset fails if the wrong password is entered | Expired password reset transaction failed if user entered incorrect password; unable to correct password |
| 1366 | Windows Phone: registration fails | Windows Phone: Unable to get TOTP seed |
| 1508 | Session timeout impacts workflow | After a session timeout, the workflow may alter the inclusion of additional authentication criteria |
| 1521 | OTP email template reply message has changed | Changed the "from" address from @secureauth.com to @customer_domain |
| 1542 | Permission displays the revoked permission scope | When Revoking an OpenID Connect permission, clicking Save twice displayed the revoked permission scope |
| 1560 | User ID status value is not updated | On the Helpdesk page, the User ID status value was not being updated |
| 1564 | Some values on the helpdesk page are not reset | Reset Fingerprints, reset Push Devices, reset OTP Devices – if the Update button was hit repeatedly, values that were removed would reappear |
| 1573 | DFP debug fails with 2016 Theme | Device Fingerprint debug failed when using the 2016 Theme |
| 1584 | Maximum Invalid Password Attempts are not saved | Maximum Invalid Password Attempts were not being saved |
| 1656 | Mobile Device Recognition fails | The API Settings checkbox on the Registration Methods tab needed to be Enabled |
| 1672 | Transparent SSO fails with Mobile DFP | Mobile DFP: Transparent SSO does not work when FP mode = Mobile App |
| 1696 | Helpdesk OTP phone number label is incorrect | Helpdesk OTP phone number label displayed the incorrect phone number selection |
| 1708 | SAML Consumer: SAML conditions are being ignored | A time-based SAML attribute was not being respected |
| 1714 | OAuth 2.0 social login requests fail when a proxy is used | OAuth 2.0 logons behind a proxy failed |
| 1735 | ODBC settings are not saved | ODBC settings were not saved |
| 1736 | Reports on long queries are timed out | Reports that take longer than ten minutes to run timed out |
| 1760 | SHA256 signed assertions are not generated | SAM SHA256 signed assertions cannot generate a SHA256 signed assertion |
| 1765 | Proxy server mask is not being displayed | Proxy server mask was not being displayed |
| 1766 | Web.admin Windows proxy option support is deprecated | Support for using the default Windows proxy server was removed |
| 1769 | Invalid samAccountName formats are not handled by API | Invalid samAccountName formats were not handled by the API and no status was returned |
| 1780 | Country check fails | Internal IP address was being evaluated |
| 1810 | Password Strength indicator does not progress | 2016 Theme: PasswordReset.aspx – Password strength does not register until the confirm password is initiated by the first letter |
| 1813 | Performing a Save to multiple realms can cause corrupted data | On slow-performing servers, saving content to multiple realms in the web.admin can corrupt data |
| 1828 | No validation message appears for configured PIN reset Min and Max in Helpdesk | 2016 Theme: ManageAccounts.aspx – No validation message appeared for a configured PIN reset Min and Max on the Helpdesk page |
| 1835 | Confirm password entry jumps to the previous line | Data entry made in the confirm password textbox jumped to the previous line |
| 1859 | Default OTP value has changed, and minimum OTP value has changed | Default OTP value is now set to 6, and minimum OTP value has increased from 2 to 4 – existing customers using less than 4 will have the OTP value set to 4 |
| 1865 | Confirmation is missing for PasswordReset.aspx unlock button | 2016 Theme: PasswordReset.aspx unlock button confirmation did not exist |
| 1873 | Yubikey provisioning fails | When provisioning Yubikey, the registration would fail |
| 1880 | No TRX log entries appear in the audit log | TRX log entries in the audit log were disabled when TRX cloud logging was disabled |
| 1902 | TRX logs missing for WS-Trust and OpenID Connect | TRX logs were missing for WS-Trust and OpenID Connect |
| 1916 | UBC is deprecated | UBC as a second authentication method has been deprecated |
9.0.0 Known Issues
| Ref ID | Issue | Description |
| --- | --- | --- |
| 811 | HTML is appended to a logging text file | When downloading a text log, superfluous HTML is added to the end of the log |
| 1273 | DFP fails with Windows FIPS mode enabled | DFP fails in Windows with the FIPS mode enabled |
| 1283 | Appliance performance is impacted by a down Syslog server | Appliance performance is impacted when a Syslog server (on the same subnet) is completely offline (not just the service down) |
| 1512 | IdP Configurator fails to launch | IdP Configurator on webadminstart.aspx does not launch |
| 1805 | PIN field re-populates after being cleared by user | PIN field re-populates after being cleared by the user, but content for that field in the data store is deleted |
| 1905 | Login "Submit" button is disabled | 2016 Theme: When Java detection is set to False, the "Submit" button becomes disabled |
| 1954 | Template wizard hangs when test link is clicked | A realm configured using the template wizard hangs when the test link is clicked |
| 1959 | Error using Back button on Update or Decrypt Web.Config pages | User receives a server error message when the Back button is clicked from updatewebconfig.aspx or decryptwebconfig.aspx page |