Updated: October 9, 2020
In an effort to improve and modernize SecureAuth cloud services, as well as improve the performance of the SecureAuth IdP appliances, we are phasing out a legacy protocol used to communicate with SecureAuth cloud services, effective January 1, 2021.
What exactly needs to be changed?
In the Admin console, go to the System Info tab of each realm. The WSE 3.0 / WCF Configuration section contains URLs that connect the realm to SecureAuth cloud services.
If any URLs are HTTP, then you must update the URLs and the WSE setting.
The recommended URLs and configuration settings are documented on the SecureAuth cloud services documentation page. In short, all URLs must be set to HTTPS, and the /msg suffix must be removed.
For example, if your SMS service is set to use Message level encryption, the existing URL might look like this:
Change the URL to:
https://us-cloud.secureauth.com/SmsService/SMS.svc (change to https and remove the /msg)
The Use WSE field setting for all URLs must be set to False when the URL is changed from HTTP to HTTPS.
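As an added illustration (not SecureAuth's code and not part of the hotfix), the PowerShell below applies the three rules above to entries copied by hand from each realm's System Info tab and reports which ones still need changing. The function name, property names, realm names and example.test URLs are constructed for this example.

```powershell
# Added example, not SecureAuth code. Checks one cloud service entry against
# the rules on this page: HTTPS scheme, no /msg suffix, Use WSE = False.
function Test-CloudServiceEntry {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][bool]$UseWSE
    )
    $issues = @()
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Url = $Url; Compliant = $false
                                  Issues = 'not an absolute URL'; SuggestedUrl = $null }
    }
    if ($uri.Scheme -ne 'https') { $issues += "scheme is '$($uri.Scheme)', must be https" }
    if ($uri.AbsolutePath -match '/msg/?$') { $issues += 'remove the /msg suffix' }
    if ($UseWSE) { $issues += 'Use WSE must be False' }

    # Target form: https on the default port 443, path without the trailing /msg.
    # Using Host (not Authority) drops an explicit port left over from the HTTP URL.
    $path = $uri.AbsolutePath -replace '/msg/?$', ''
    [pscustomobject]@{
        Url          = $Url
        Compliant    = ($issues.Count -eq 0)
        Issues       = ($issues -join '; ')
        SuggestedUrl = "https://$($uri.Host)$path"
    }
}

# Constructed sample entries, as transcribed by hand from each realm's
# System Info tab. Realm names, hosts and the Example.svc path are placeholders.
$entries = @(
    [pscustomobject]@{ Realm = 'Realm1'; Service = 'SMS';  Url = 'http://cloud.example.test/SmsService/SMS.svc/msg'; UseWSE = $true }
    [pscustomobject]@{ Realm = 'Realm1'; Service = 'Push'; Url = 'https://cloud.example.test/ExampleService/Example.svc'; UseWSE = $true }
    [pscustomobject]@{ Realm = 'Realm2'; Service = 'SMS';  Url = 'https://cloud.example.test/SmsService/SMS.svc'; UseWSE = $false }
)

foreach ($e in $entries) {
    $r = Test-CloudServiceEntry -Url $e.Url -UseWSE $e.UseWSE
    '{0}/{1}: {2}' -f $e.Realm, $e.Service, $(if ($r.Compliant) { 'OK' } else { "$($r.Issues) -> $($r.SuggestedUrl)" })
}
```

The second sample entry shows the case that is easy to miss: a URL already on HTTPS whose Use WSE field was left at True.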
Change the certificate URL
Existing certificate URL:
If you are using https://nge-cloud.secureauth.com/CertServiceRSA/Cert.svc, there is no need to make a change.
What are the considerations?
Make sure you have outbound firewall or proxy rules that allow for HTTPS communication on port 443 to the following IP addresses:
As with any change to a mission critical production system, take a snapshot or other backup before making the changes. If you have a non-production test SecureAuth IdP appliance, make the changes on that system first, and thoroughly test before changing your production system.
After making all the changes, test every service on each realm, such as SMS and Push, to make sure the new URLs are correctly entered and functioning as expected.
How long will it take to make these changes?
It should only take a few minutes for the hotfix installer to run and update the configurations on each realm. You will need to run the hotfix installer on every SecureAuth IdP appliance. Testing time is commensurate with your unique configuration.
What will happen if I don’t change these settings?
At some point, shortly after January 1, 2021, we will disable the endpoints listening on port 80 for message level requests. This will result in any requests to the SecureAuth cloud (such as SMS) failing and impacting your users.
SecureAuth has a hotfix installer to automatically update the configuration with the changes described above to each realm on your SecureAuth IdP appliance. To use the hotfix, go to the Installation section to download and install the hotfix.
This hotfix is not cumulative, and only addresses the SecureAuth IdP cloud services communication protocol. This hotfix does not include any other changes. The change only updates the URLs and connection settings used by the SecureAuth IdP appliances to communicate with SecureAuth cloud services.
The hotfix update applies only to SecureAuth IdP product versions 9.3 and earlier.
We recommend installing the hotfix on the server when it is offline / out of service. However, you can technically run the hotfix on a live server.
1. Click and download the SecureAuthCloudUpdate executable file.
2. Place the file on the D: drive of your SecureAuth IdP appliance.
   - Right-click the file and go to Properties.
   - On the General tab, at the bottom right, select the Unblock check box and click OK.
     If you do not see an Unblock check box, this means that the file is already unblocked.
3. Recommended: Take a snapshot of the SecureAuth IdP appliance.
4. Run the SecureAuthCloudUpdate executable file as an Administrator.
   The application will ask you to install the hotfix and typically completes within 30 seconds.
   A message displays indicating when the installation is complete.
   A reboot or IISRESET is not required.
5. Test your applications, and then put the server back into production.
6. Repeat this process for all servers in your farm.
If you have any issues, please contact SecureAuth Support.
If, for any reason, you want to roll back this hotfix, there are two ways to do this:
- Option 1: Revert to your snapshot (see step 3 in the Installation section).
- Option 2: Rerun the hotfix installer (see step 4 in the Installation section), and click Revert Backup.