Version 6.5.5.1028 (November 21, 2022)
Bug Fixes
- SSO got stuck on the last step (4077)
- Some prompt and error messages were truncated ending "{0}" (4102)
Improvements
- Self-Service Console - the main menu is expanded by default (4074)
- Self-Service Console - if the user has no permissions at all on a section, such as Site Stamp, then the section is removed from the main menu (4070)
- Self-Service Console - add access control permissions to the user device section (4072)
Version 6.5.5.1028 (October 28, 2022)
Bug Fixes
- Error "Unknown Algorithm Name: PROX/TOTP" when upgrading from DualShield 5.9.x to DualShield 6.5.x (3991)
- Error "org.hibernate.NonUniqueObjectException" (3990)
- Error "java.lang.NullPointerException: Cannot invoke method tokenize() on null object" occurred when a new computer logon client is connected with an old MFA server (3984)
- Error "Cannot get property 'category' on null object" (4050)
- The Reset Password Service got an exception error when UPN was used as the login name (3993)
- The MFA server failed to initialize when AWS MySQL is being used (4025)
- The username autofill did not work in the Activate module in the DualShield Deployment Service (DDS) (4033)
- Changing FQDN on Linux failed (4045)
Improvements
- Resource Editor for customization & localization (3877)
- Replaced port 8005 with port 18005 (3985)
- Added a new policy option 'Deployment Service URL' to the Self-Service Policy (4032)
- Added a new wildcard [[ACLINKUPN]] to the Activation Code message template (4036)
- Added Device Name and Device Group into the Device Filter in the Logon Policy (3915)
- Ready for FCM update in the MobileID/Android app (3989)
Version 6.5.4.0914 (Sept 14, 2022)
Bug Fixes
- Fixed a compatibility issue with the old versions of the DualShield Windows Logon client that caused error "Cannot set property 'ip' on null object" (3980)
Improvements
- The function "Enroll DeviceCert" in the DualShield Service Console is disabled on non-Windows OS (3959)
- Added a new token permission for "Export Token" and "Download DeviceCert" in the DualShield Service Console (3961)
Version 6.5.4.0909 (Sept 09, 2022)
Bug Fixes
- Outlook Anywhere occasionally created duplicated user accounts (3912)
- FIDO did not work with Safari on MacOS (3939)
- Failed to change AD user password via RADIUS/MS-CHAP (3950)
...
Version 6.5.3.0722 (July 22, 2022)
Bug Fixes
- The option "Sign on SAML Response" was wrongly enabled by default for IIS applications, and caused the issue "OWA Error - Invalid SAML Response: Signature wrapping attack, wrong URI...". It is now disabled by default (3823)
- The user agent filter in Logon policy doesn't work for WEB SSO (3789)
- SSO user interface customization did not work in some circumstances (3797)
- Creating authorization code in the admin console did not work (3805)
- In the SendOTP API, the password was transmitted in clear text
- Deleted tokens were still listed in the service console (3827)
- After a user was denied access, switching to a different user still resulted in access being denied (3843)
- In the safe mode, all access control policies were still effective (3852)
...
- Added support for reCAPTCHA (3510)
- Added support for FIDO2 (3727)
- Added support for "StaticPass + OTP" in logins from non-RADIUS clients, e.g. LDAP Broker
- Added access control by the user device (3780)
- Added access control by geo velocity (3811)
- Added device filter to the logon policy (3496)
- Added geo velocity filter to the logon policy (3810)
- Added user sign-in device management in the admin console (3515)
Version 6.5.2.0620 (June 20, 2022)
- Add the token name to the QR code of the MobileID token (3844)
- Repetition is disallowed in free navigation in GridID (3819)
Bug Fixes
- A bug in the WS-Federation protocol handler caused Office 365 Federated SSO to stop working properly (3794)
- Change to the "wreply" attribute in SSO Service Provider didn't take effect until the service restarted (3793)
- An incorrect policy could be used when there are multiple domains in a realm (3775)
- If an AD group is renamed, it became invisible in the DualShield admin console (3763)
- Web SSO could sometimes mistakenly use the DNA logon procedure (2416)
...
Version 6.5.2.0601 (June 01, 2022)
Bug Fixes
- Upgrading failed with an SQL error when DualShield is connected to an MS-SQL 2014 server (3757)
- IIS apps, e.g. OWA, got the error "Invalid SAML Response: Signature verified failed" after upgrading to DualShield 6.5.1 (3750)
- When signing in from a new device with an Outlook client, it doesn't trigger the device registration alert
- Cross-origin resource sharing: arbitrary origin trusted (3730)
- Logon request timed out in OOBA call in a system with 2 or more DualShield backend servers (3734)
- The option InResponseTo was not functional and the attribute was always included in the SAML response (3484)
- Extra 'S' in the SSO URL after using the change FQDN feature to change the HTTP protocol (3658)
- Failed to generate the SAML response when both assertion and response are ticked for signature (3699)
- Did not include ClientIP in intrusion alert (3713)
- Importing a full-chained certificate produced the error: Certificate not chained (3745)
- Assigning a token in DAC caused a null pointer exception (3746)
- False error messages in das6.log: "The application's global logon procedure is not found: Desktop SSO" (3751)
- The DualShield Service Console displays Error 404 when the user has no permission in Token and Account in the Self Service Policy (3754)
- Resetting a token succeeded but no confirmation was shown on the screen at all (3756)
...
- Support Microsoft Remote Desktop Web Client (3674)
- Support TLS 1.3 (3703)
- MS-SQL JDBC driver upgraded to 10.2 (3681)
Bug Fixes
- DualShield with SQL server database upgrading to v6.5.0 failed (3671)
- Deleting and re-adding DeviceID tokens in the same user account caused the license count to increment (3488)
- The user search filter stopped working after moving to the next page (3645)
- Login via the Deepnet Authenticator (DNA) sometimes caused a deadlock (3653)
- OOBA by SMS and Call did not work in v6.5.0 (3679, 3880)
- The "Users have been inactive for n days" did not work (3690)
...
- DeviceID registration and renewal verification using Deepnet Authenticator (3469)
- Introduced DeviceID renewal (3469)
- Improved extraction of DeviceID properties (3473, 3525, 3563)
- Added FIDO2 support (3420)
- Travel velocity detection (3017)
- Replaced log4j with logback in the authentication server module (3447)
- Replaced log4j with logback in the certificate server module (3441)
- Upgraded log4j from 1.2.17 to 2.17.2 in the management console module (3451)
- New Device Sign-in support for Outlook Anywhere and ActiveSync (3516)
- New Device Sign-in support for Computer Logon (3528)
- New Device Sign-in support for Deepnet Authenticator (3529)
- Automatically renew the SSO certificate when the associated Let's Encrypt certificate has been renewed (3564)
- DualShield Deployment Service - support incoming username as a URL parameter 'username' (3582)
- DualShield SSO - support incoming username as the NameID attribute in the SAML request (3612)
- DualShield SSO - upgraded jQuery to 3.6.0 (3590)
- Added "Send Activation Code via email" for DeviceID
Bug Fixes
- Failed to save the Product value in the task 'delete token by product' (3415)
- Error - "500:no enum constant com.deepnet.das.util.LogicalOperator", when navigating to Reports (3463)
- Error - "Gateway type not matched for TELEPHONE" in the Admin Console (3489)
- DualShield Service Console - user-defined token properties were not displayed for T-Pass and MobileID (3545)
- User's external status (Active/Disabled) change not reflected immediately (3561)
- Querying available channels for activation code raised exception (3565)
- LDAPBroker integration error: No signature of method (3569)
- In push token email, QR-Code is always included (3620)
- Searching LDAP user by internal attribute didn't work (3621)
- After LDAP user's internal attributes have been updated, DAC always shows the old values (3624)
Version 6.4.20.1215 (December 15, 2021)
Bug Fixes
- Failed to create new tokens for users who have no tokens (3438)
- Failed to work with DualShield IIS Agent if FQDN was changed in the past (3437)
- Log4J upgraded to 2.16 (3439)
...
- Add support for external SQL based user directory, e.g. Keycloak (3344, 3346)
- Release DualShield MyVD (Beta)
Bug Fixes
- In SSO, the delivery channels for the activation code were missing (3393)
- In SSO, error when attempting to register FIDO keys with PIN enabled (3328, 3376)
- In DAC, group search in the policy window did not work
- In DAC, executing the Authentication Activity task failed (3414)
...
- Support Let's Encrypt
- Support Deepnet Authenticator in RADIUS logon
- Support UAC Prompt in the Windows Logon 6.2 and the Computer Logon 1.3
- Support Network Drive Map in the Windows Logon 6.2 and the Computer Logon 1.3
- Add new device access notification
- Add token assignment expiration notification
- Improve FQDN change and certificate change and renewal
- Improve performance in AD group membership lookup when there is a large number of nested groups
- Administrators can generate the Authorisation Code in the admin console
- Tokens can be exported from the server and imported into the Computer Logon Client to be used for offline logon
- Support SID as a form of user's login identity, along with SAM account name, down-level domain logon name and UPN
- Return a RADIUS attribute with multiple values as multiple attributes of the same name
Bug Fixes
- German umlaut letters caused errors in OOBA push authentication
- Audit Logs were not exported according to the display filter
- Preview of User Interface Customisation did not work properly
- MS-SQL deadlock at a high volume of traffic
- QR code is not displayed in Gmail
- Mapping the Personal Email identity attribute to an AD attribute got the error "Attribute is intrinsic"
- Intrusion Alert did not work
- WINSSO caused exception
- MobileID OOBA push message did not beep
- Renewing a self-signed certificate resulted in different self-signed certificates in different DualShield servers in a cluster
- Unable to set a default PIN in token policies
- GridID asks for resetting path even if the mode is set to free navigation
- At login, the answer in Q&A was visible
- Many minor issues were fixed in the Admin Console
...
- Expiration notification service for AD password
- Device Quarantine UI for DevicePass, DeviceID and DeviceCert
- Organizations and users can publish custom applications on the SSO portal and Self-Service console.
Bug Fixes
- DualShield root CA did not have a CN
- When FQDN is being changed, its self-signed certificate is not updated
- In some cases, OOBA doesn't work on iOS devices if there are multiple DualShield servers in the system
- Alert messages do not appear in the Inbox
- Occasionally, creating a group policy caused Hibernate lazy init error
- On the DevicePass and DeviceCert activation page, Contact Info is missing
...
- Expiration notification service for token PIN and PATH
- Add "last access ip" into token
- Auto refresh user status after lockout period ends
- If the token does not have PIN, hide the "PIN" entry box
- Make "Enable Agent Registration" persistent across all DAS instances
- New UI for RADIUS server EAP options
- Add "System Info" to show info such as the version of Java, Tomcat and MySQL
- Enhance the Self-Service Policy so that the Self-Service Console can be completely customised
Bug Fixes
- At RADIUS logon, token auto provisioning did not work
- FaceSense enrollment shows black image on Mac
- Cannot download HOTP token in Deployment Service
- Scanning the QR code of an HOTP token resulted in a "null in ocraSuite" error
- QR code of Google Authenticator was not displaying in the Deployment Service if Authorization Code is required
- Several reflected XSS in DSC, DUA and DRP modules
- Tomcat 9 error 400 includes the Tomcat version
- A possible hibernate SQL injection in the message search function in DAC and DMC
- After upgrading to 6.0, some new tokens cannot be seen in the user account
- SAML SP attribute entry box does not accept manual entry
- Agent's Public URL cannot be set to empty
- Upgrading 2 DualShield servers simultaneously caused optimistic lock error
Version 6.1.0.0304
Bug Fixes
- Failed to register RADIUS server
- Failed to install DualShield on a machine where JAVA is already installed
- Unable to edit Radius Client when it is connected to multiple Radius Servers
...
- Deepnet Authenticator is now available for Web and Cloud applications
- New authentication method DeviceCert is now available for Web, and Cloud application as well as Modern Authentication for Office clients
- Smartcard certificate authentication method is now also available for Web and Cloud applications
- Changing FQDN is now available within the admin console.
- Changing and Renewing the certificate of the web consoles is now available within the Admin Console
- New option "Download Token in MobileID App" added to the MobileID policy
- New option "Remember last login username" added to the Logon policy
- New option "Remember last login methods" added to the Logon policy
Bug Fixes
- Downloading a token from the MobileID app malfunctioned
- Remembering last logon methods did not work in a multi-step logon procedure
- Disabled users were allowed to reset password
- The system admin account (SA) was not allowed to login when the license key has expired
- Application Self Test failed with an incorrect error message
- The QR code for the Google and Microsoft Authenticator did not work
- Office 365 ECP login did not work
- Unable to add Base DN when creating a new Identity Source of OpenLDAP
- Password Reset did not work in OpenLDAP (ClearOS)
- Radius server association was lost after editing a radius client
- Selecting "MS-CHAP2" in RADIUS authentication caused RADIUS authentication to fail
- Installing DualShield on Linux without legacy components would fail
- The value of RelayState was not URL encoded
- HTTP proxy did not work
- SAML response did not include the correct value of the SAML attribute "SessionNotOnOrAfter", causing some SPs to terminate sessions within 5 minutes
- A CORS related issue
- Trying to unregister OOBA from the MobileID app caused a JSON error
- In the admin console, some passwords such as that of the Access User in the Identity Source were included in the data stream
- On an iOS device clicking "Download App" in DualShield Deployment Service (DDS) console took the user to Google Play
...