SecureAuth Hotfixes typically come after a release to resolve known issues without requiring customers to wait for or to upgrade to the next release.
More information about these hotfixes and download files can be found on the SecureAuth Hotfixes Downloads Page.
SecureAuth IdP v9.1 and v9.2 Hotfixes
9.2.0 Latest Hotfix
The latest hotfix release (9.2.0-19) is comprehensive and resolves all issues addressed by the hotfixes in this table:
|Release No.||Release Date||Ref ID||Issue|
|9.2.0-19||11/15/2018||EE-867||Cert and Mobile Validation Dates – Cert Validation Date and Mobile Validation Date values now correctly populate the Help Desk page.|
|EE-937||Begin Site Redirect Encoding – Begin site redirect is no longer double encoding the request query, causing the realm to break and the workflow to halt.|
|9.2.0-19 hotfix – machine learning|
|9.2.0-18||10/10/2018||EE-678||SAML Consumer UI – When adding a provider for SAML consumption, SecureAuth IdP Web Admin UI no longer disables editing provider information.|
|EE-917||Unable to Save KBQ / KBA Value – When saving the "helpdesk challenge" on the Self-service Account Update page, the user's knowledge based answer is now saved when data is encrypted.|
|9.2.0-17||09/07/2018||EE-899||Debug Logging Issue – Self-service Password Reset page now logs correctly on all configurations.|
|EE-895||Symantec VIP Credentials Display – Symantec VIP Credentials table now displays all user information on the Help Desk and Self-service pages.|
|EE-903||Country Check Cloud Services – When Cloud Services are down, users are no longer stopped during login when SecureAuth IdP performs a country check.|
|9.2.0-13||07/18/2018||EE-862||Country Code Support Issue – Certain country codes were not being supported for phone call and / or SMS TOTP delivery.|
|Adaptive Authentication IPv6 Processing – Adaptive Authentication policies returned invalid data for users with IPv6 addresses.|
|9.2.0-9||06/11/2018||EE-785||Adaptive Authentication Redirection – Redirecting the user via an Adaptive Authentication policy with a static query string parameter resulted in a query string with an invalid format.|
|9.2.0-8||06/05/2018||EE-743||User Risk Analysis Response – When retrieving a user risk score from certain third-party providers, SecureAuth IdP was not reading a valid score due to a null reference.|
Windows SSO Enhancement – Some IIS settings necessary for Windows SSO / authentication must be manually entered in the web.config, but SecureAuth IdP would remove all these settings if a change was subsequently made on the Workflow tab.
|EE-791||Adaptive Authentication Redirect Caching – SecureAuth IdP was caching query string parameters from previous Adaptive Authentication redirection URLs, causing redirection failures.|
Novell eDirectory Lookup – During login, a user’s profile was not being accessed successfully.
CyberArk Vault Credential Lookup – In multi-domain environments, SecureAuth IdP was not able to retrieve credentials successfully.
|9.2.0-4||04/24/2018||EE-709||SA Cloud Timeout and Fail Open – Due to extended timeouts and no fail open functionality, users were unable to log in when SA Cloud services are down.|
|9.2.0-3||03/21/2018||EE-604||User Risk Score Bearer Token Authorization – The format for the OAuth2 Bearer Token used when importing a User Risk Score was causing an error, resulting in the inability to import the risk score.|
|9.2.0-2||03/10/2018||EE-587||Account Management Updates – Users could access Help Desk pages from the Portal despite not being a member of the designated group set up on the administrative page.|
|EE-619||Interface / Customization Communication – Customizations referencing a certain interface were no longer able to communicate with it.|
|EE-616||PIN Not Saved – When updating the PIN field in the self-service realm, the PIN was not successfully saved, causing errors when attempting to use the PIN in subsequent login attempts.|
9.1.0 Latest Hotfix
The latest hotfix release (9.1.0-46) is comprehensive and resolves all issues addressed by the hotfixes in this table:
|Release No.(s)||Release Date(s)||Ref ID||Issue|
|9.1.0-46||11/30/2018||EE-930||Log Database Collection – SecureAuth IdP no longer stops creating log entries when records grow very large (2,147,483,647+).|
|EE-986||Google ID Social Login – Issue resolved in which Google API changes caused SecureAuth IdP’s social login feature for Google Apps to stop working.|
|EE-991||Begin Site Redirect Encoding – Begin site redirect is no longer double encoding the request query which had been causing the realm to break and the workflow to halt.|
|9.1.0-45||09/06/2018||EE-906||eDirectory Group Issue – Error no longer occurs when attempting to add a user to a group in eDirectory via the Create User function.|
|EE-123||Timeout Message Display – When users are logged out of Secure Portal based on timeout, the notification now displays the timeout message configured on the realm.|
|9.1.0-44||07/27/2018||EE-847||OIDC Subject Claim Issue – Introspection endpoint was failing when access token subject claim contained a client ID.|
|9.1.0-42||05/21/2018||EE-786||OIDC EndSession Redirect – Redirect and session end was not occurring due to the 'post_logout_redirect_uri' parameter requiring the presence of the 'id_token_hint' parameter. Redirect now functions with the presence of 'client_id' only, and does not require 'id_token_hint'.|
Create User Failure for eDirectory – Create User page integrated with eDirectory was not functioning due to hardcoded attribute information.
NOTE: This fix enables the creation of users, but certain functionalities of the page are not supported for eDirectory at this time.
Proxy Settings for OIDC Encryption Key Retrieval – Proxy settings configured in SecureAuth IdP are not applied when retrieving OIDC encryption keys.
Create User Group Designation SQL – Create User page with SQL data store integration does not associate users to groups on the page during creation.
NOTE: This fix requires a new stored procedure provided by SecureAuth Support (see contact information below).
Novell eDirectory Lookup – During login, a user’s profile was not accessed successfully and the self-service password reset was unsupported.
|EE-642||Mobile QR Code Enrollment – When device limitation is enforced, false errors would occur during QR code enrollment.|
|EE-703||SA Cloud Timeout and Fail Open – Due to extended timeouts and no fail open functionality, users were unable to log in when SA Cloud services are down.|
|EE-446||Errant Calls to Invalid URLs – Calls made for IP Evaluation were hitting the wrong endpoint URLs.|
|EE-629||Bad IPv6 Handling – During Adaptive Authentication analysis, IPv6 calls created issues with the evaluation.|
|9.1.0-39 or earlier||Various||EE-559||JWT Missing Claim – In OAuth 2.0 Client Credential Flow, the ‘sub’ (subject) claim was missing in the JWT.|
|EE-586||Encryption Functionality – Encryption functionality was static due to the disability of this feature.|
|EE-533||OTPValidateThrottle PUT Call – OTPValidateThrottle PUT call was resetting the count for both values (Select vs. Validate counts).|
|EE-514, EE-521||Self-service PIN Update – The Update button needed two clicks to save new PIN information.|
|EE-470||RADIUS Server Timeouts – RADIUS Server requests were timing out when under a high load.|
|EE-482||Slow Response – When connected to a Syslog Server, too many UDP clients created a massive slow down.|
|EE-417||Tivoli Directory Device Recognition – Device / Browser Profiles were not accurately saved to Tivoli user profiles.|
|EE-483||Link-to-Accept with Proxy – Link-to-Accept did not properly go through the configured proxy settings (both SMS and email).|
|EE-480||Device Recognition on IE10 – PixelRatio property analyzed for fingerprinting was unsupported in IE10 and therefore returned a null response and invalid browser profile.|
|EE-464||YubiKey Validation Call Failure – API calls to validate the YubiKey login fail due to character limitations in the string.|
|EE-376||Account Management Error – Updating the OATH Seed on the Account Management page created an error due to split directory integrations for membership and profile.|
|EE-429||SMTP Timeout Errors – Using the Authentication API to request OTP emails, the user experienced SMTP timeout errors.|
|EE-366||HID Token Read Failure – Login process was unable to read the OATH Seed from an HID token for MFA, and SecureAuth IdP was unable to read the OATH Seed from HID token for post-authentication.|
|EE-337||2016 Light Theme Login Page – When pasting a password (from password manager, for example), the Submit button did not change color and the mouse cursor showed the ‘no entry’ icon. Clicking the button worked, but visually appeared as though it would not.|
|EE-329||Verbiage Customizations – When a user’s browser is not set to English and the preferred language is not selected in the SecureAuth IdP configuration, then the browser defaulted to English, but without the verbiage customizations made in the Web Admin.|
|EE-345||Invalid Username not Updating – With workflow type set to Username & Password, when the user entered an invalid username and then corrected it, the username was still considered invalid and the page reverted the text back to the original invalid entry.|
|EE-328||OTPValidate Throttle not Counting – Instead of creating a unique counter for OTPValidate, the MultiFactorIntervalThrottle counter was used instead.|
|EE-320||Login for Windows UI – Various UI defects were resolved in Login for Windows.|
|EE-303||Username Overflow – On the Account Management page, the username overflowed into the next text box.|
|EE-295||OIDC Redirect URI with Localhost – For OIDC integrations, the Redirect URI did not support localhost.|
|EE-248||NumberProfile API Server Error – Requests to the phone number analysis endpoint with an invalid number (e.g. 123456789) generated a server error response.|
|EE-265||Password Requirements for Create User Page – Password requirements configured on the Web Admin were not applied to the Create User page.|
|EE-263||Unwanted Verbiage on Page – A flag on a page displayed unwanted verbiage on client-side pages.|
|EE-203||Duplicate Knowledge Based Questions – Users were able to select the same KBQ multiple times, thus only having one question to answer for Multi-Factor Authentication.|
|EE-255||No Automatic Redirect – Users were not automatically redirected from SecureAuth IdP with an OIDC token to the relaying application.|
|EE-212||Invalid User Error – LDAP users attempting to log in continually received an “Invalid User” error.|
|EE-202||OATH Token Invalidation – After upgrading to version 9.1, existing OATH Tokens were no longer valid and required re-provisioning.|
|IDP-1721||Login for Windows Configuration – Configuration settings for new Login for Windows product were not available in the Web Admin.|
|EE-183||FIPS Compliance – SecureAuth IdP updates were made for FIPS Compliance requirements.|
|IDP-2554||Admin API HMAC Authentication – It was possible to remove HMAC authentication from the Admin API.|
|EE-119, EE-175||Authentication API Throttling – The Multi-Factor Throttling count doubled based on selection and validation of the OTP, thereby rendering the configuration inaccurate.|
|IDP-2524||Web.config URL Update – Values for some URLs were incorrect in the web.config.|
|IDP-2486||Compilation Error – The SISU code file contained a compilation error.|
|IDP-2516||ChangePassword Error – Username was missing a domain slash for Change Password via the API.|
|IDP-2497||Link-to-Accept UI Update – Color of the button was incorrect.|
|IDP-2512||Authentication API OATH Token Failure – OATH Token was not working as a viable Multi-Factor Authentication option via the Authentication API.|