Version
...
7.1.1.20240801 (August 01, 2024)
Bug Fixes
- The max number of devices option in the DeviceID policy left unassigned devices in the repository (5679)
- Cannot create a helpdesk role with only lock/unlock permission (5713)
- Removed the "/sso/version.txt" page (5728)
- In RADIUS login, OOBA timeout causes the user account to be locked (5730)
- Fixed the "Cannot get property 'user' on null object" error when scanning an expired QR code (5750)
Version 7.1.0.20240702 (July 10, 2024)
New Features & Improvements
- Add support for GSSAPI in the LDAP connection to Active Directory servers
- Add the UI to manage system and server jobs in the Admin Console (5237)
- Exclude non-Windows devices from the desktop to Web SSO (5492)
- Improve the UI for replacing the SSL certificate of the Web consoles (5494)
- Improve the UI for managing server certificates (5495)
- Add a new set of options for the network access control in the Computer Logon Client policy (5509)
- Make the UI of the application index page customizable (5524)
- Authentication Server upgrade will not overwrite custom cypher settings in the server.xl file (5566)
- Support SAML logout using HTTP-Redirect (5613)
- Add a new task for monitoring COPU load (5672)
- Add a new button to reload the license count (5688)
Bug Fixes
- The Server Certificates repository displays duplicated certificates (5496)
- SAML attributes disappear after cloning a Service Provider (5496)
- Issues with Authentication Activity Report when adding Timestamp in Condition Builder (5530)
- Log fields are empty in exported audit logs (5533)
- log4j 1.x file was accidentally re-included in the previous update (5541)
- LDAP connection failure on one identity source could bring down other services that are not directly connected to the identity source (5562)
- Fixed some issues in the SSO Federation (5591, 5592, 5616)
- Hiding domain selection caused the SSO Federation to fail (5517)
- DAS throws an exception when the RADIUS EAP certificate is missing or invalid (5691)
- Error: Cannot get property 'certificate server' on null object (5691)
Version 7.0.0.20240411 (April 08, 2024)
New Features & Improvements
- Password is encrypted in the communication between the SSO frontend and the SSO backend server (5306)
- Add the support of implicit UPN, i.e. a username can only be treated as either a SAMaccount name or an implicit UPN (5347)
- Add a new role permission ('Verify' in the 'User' object) for DHV (DualShield Helpdesk Verification) console (5370)
- Add options in the User Identity policy to control how X-User-Identity should be handled (5398)
- Change the DualShield installation on Linux OS to support systemd service (5418)
Bug Fixes
- 2FA could be bypassed by attacking the username in the Outlook Agent-Based 2FA (5365)
- The 2nd step was skipped if the 1st step was set to Computer Fingerprint in the Outlook Agent-Based 2FA (5385)
- The DualShield service was unable to automatically start in Ubuntu 20.04 (5312)
- The geolocation feature on MobileID Push Notification did not consider reverse proxy (5322)
- The device filter feature in the Logon policy did not work properly (5356)
- Query is not saved in the Condition Builder when the value is set to 0 (5459)
- Unable to change the type of a logon procedure (5211)
- The "Export MobileID Tokens" task shows success even when it failed (4280)
- Fixed the error "org.hibernate.exception.SQLGrammarException: could not get table metadata: user_device" (5209)
- Updating the "Entity ID" of the SSO server is not reflected in the SSO metadata output/export (5399)
- Fixed the error "An internal error occurred in the Microsoft Internet extensions" related to localStorage (5397)
- Duplicated DevciePass tokens were created when the connection speed was slow (5445)
Version 6.9.0.20240119 (January 19, 2024)
New Features & Improvements
- Enroll ActiveSync devices via Mdm (4838, 4959)
- Application Diagram (4825)
- Supports iframe in the SSO customization fields such as Header, Footer etc (4647)
- Added an option in the Logon Procedure to support the Verify Host OTP mutual authentication (4772)
- Added an option in the Admin Console for changing the port number of the SSO service (4494, 4901)
- Export policy to XML file (4905)
- Present DHV (DualShield Helpdesk Verification) as a popup window (4906)
- Improve the UI of role permissions
- Support passwordless authentication via PKI certificate (5037)
- Automate the logon step with Computer Fingerprint method and DevicePass token (5207)
- Search users in multi-domains in a realm by a pre-defined order (5242)
- Failthru now supports MSCHAP2 (5273)
Bug Fixes
- Drop-down menus are displayed out of place (5126)
- Long context menus are cut off in low-res screens (5166)
- Some contents in the Modern Authentication window are not displayed correctly (5167)
- Logon session times out immediately with F5 (5186)
- Fixed two-way authentication via OTP (4766)
- changing the password of internal users took effect after 5 minutes (4812)
- SSO did not work in OWA with multiple URL bindings (4962)
- DSC - always jumped to the token page after logging in even if the feature is disabled in the user's role (5033)
- Fixed several issues in the download token function on the MobileID desktop application (5065)
- Logout dialog flashed twice in DSC & DHV modules (5074)
- Fixed input focus issue on SSO screen when 'Prevent Name Guessing' is enabled (5096)
- An alert with 'Contains' parameter blocked Audit logs (5126)
- DAC - Replacing certificate returned error 471: Invalid certificate or bad password: java.io.IOException: keystore password was incorrect (5067)
- DAC - Image Repository: 500:java.lang.String cannot be cast to java.lang.Long (5206)
- DAC - Audit Log - log.Log null (5236)
- SSI - Windows Logon - error: Could not initialize proxy - no session (5271)
- Paralles/2X client - error: No tokens available on account (5275)
- verbose error messages vulnerability (5279)
- HSTS not applied to the endpoint /SSO (5293)
Version 6.8.1.20230919 (September 19, 2023)
Bug Fixes
- Users with custom attributes got the error "500:attrdef" at SSO login (5023)
- On the DualShield Deployment Service (DDS) portal, the icons of "request activation codes" were not displayed properly (5021)
Version 6.8.1.20230906 (September 06, 2023)
Bug Fixes
- A time zone that has multiple region names was not displayed correctly (4863)
- SMS provider, Esendex, stops working after upgrading to DualShield to 6..8.0 (4916)
- In the admin console, the access to the display of the token's credential data and QR was not correctly controlled by role permissions (4890)
- In the Admin Console, when the user has not permission to display QR code, it still tries it every 30 seconds. (4952)
- In the Admin Console, the function of pushing tokens was not correctly controlled by role permissions
- A role with a resident domain can see other domains (4923)
- A role with the permission view audit logs for a specific domain only did not work correctly (4979)
- In the role permission scope list, a domain or unit name that contains dot (.) causes ambiguity in scope definition (4926)
- The "Change Status" permission did not work correctly in token assignment (4961)
- In the Admin and Service consoles, the drop-down menu was displayed out of place (4963)
- Log fields were not included in syslog (4991)
Improvements
- Downgraded Angular to v11 in the DualShield SSO, in order to support the embedded IE browser window used in some applications such as Outlook, Box etc. (4988)
- In the role permission object list, a root or intermediary object is now not selectable (4939)
- Enhanced permission control for the Resource Editor (4938)
- Applying the global Access-Control by Location Policy before querying in the RADIUS logon process (4988)
Version 6.8.0.20230811 (August 11, 2023)
Bug Fixes
- Unable to create more than one domain-bound policy per category (4881)
- A role with the resident unit scope could see the names of other units (4880)
- fixed the error "user_agent column is too short" (4884)
- In Outlook Anywhere, some users occasionally got multiple Device IDs (4902)
Version 6.8.0.20230731 (July 31, 2023)
Features & Improvements
- DualShield Helpdesk Verification (DHV) module that allows helpdesk operators to verify user's identity in realtime with MFA (3859)
- DeviceID can be manually enrolled by the system admins using the Admin Console (4654)
- DevicePass is supported in the Agent-Based Outlook MFA without the need to install the Device Manager (4721)
- Added a new option to the User Identity Policy to allow the use of both email and UPN as the login name (4849)
- Added token assignment to the bulk token import (4655)
- Added bulk activate and bulk disable functions to the Device Quarantine (4667)
- Added auto refresh feature to the Device Quarantine list (4753)
- Improved the UI of the Message Templates in the Admin Console (4186)
- Added user search in the LDAP test facility (4407)
- Added Import & Export functions to the Resource Editor (4550)
- Added the Language Pack function to support any language (4549)
- Improved UI customization - removed the option "Keep this field empty" from text fields and added the option "Use system default value" for image fields. (4555)
- Removed port 80 from server.xml (4579)
Bug Fixes
- Dead loop caused by the Message Gateway Not Available alert (4139)
- Multiple policies of the same type could be added to a group/unit/user (4156)
- Upgrading from v5.9 to v6.7 failed with error "NullPointerException" (4619)
- Outlook 2FA Agent failed to remember DevicePass as the last login method (4685)
- Outlook 2FA Agent got the error "Attribute not found in the session" (4687)
- The error message "The application's global logon procedure is not found" was incorrectly inserted in the Audit Logs (4737)
- Error 500 when deleting identity attributes for internal domains (4739)
- Fixed CVE-2019-17267: "Unspecified vulnerability in FasterXML jackson-databind" (4748)
- Bypassing 2FA by changing the DASApplicationID (4455)
- CPU hogs in background jobs (4749)
- Customized challenge message in the Mobile Policy is not used in SSO (4758)
- Fixed Safe Mode Login when captcha is enabled (4421)
- Registering FIDO2 token failed with error "could not initialize proxy - no Session" (4499)
- Failed to load SSO page in Android WebView (4510)
- Syslog stopped working in v6.7 (4530)
- Fixed key input focus in several places in the SSO login process (4808)
- Fixed the issue of dropdown menus being out of place in the Admin and Self-Service consoles (4857)
- Cannot delete the last login user device (4680)
Error 500 "Cannot invoke method save() on null object" when changing FQDN (4570)
Version 6.7.0.20230422 (April 22, 2023)
Features & Improvements
- Support Let's Encrypt on port 443 (4137)
- FIDO2 keys can be enrolled by the administrator using the admin console (4187)
- New option in the Application's settings to hide domain selection (4329)
- Extended the system health check task to check SSO & RADIUS certificate expiration date and notify the administrator (4391)
- Added a new SMS provider to support sending SMS messages via Exchange emails (4495)
Bug Fixes
- Syslog did not work in v6.6 (4527)
- MFA could be bypassed by changing the DASApplicationID (4445)
- RD Gateway OOBA: users exempted from MFA got the "Password cannot be empty" error (4438)
- A FIDO2 key was able to be registered multple times (4444)
- The SSO login page could not be loaded in Android WebView (4510)
- Fixed following errors
- "NoSuchElementException: Cannot access first() element from an empty List" (4478)
- "Cannot cast object '0.0' with class 'java.lang.String' to class 'java.lang.Double" (4480)
- "Could not initialize proxy - no Session" (when try to register a FIDO2 token) (4499)
Version 6.6.0.0224 (February 24, 2023)
Features & Improvements
- Added support for SMS providers that pass authentication credentials in the HTTP header (4272)
- Fixed Apache Shiro vulnerable library (CVE-2022-40664) (4163)
- Fixed Apache Commons Text < 1.10.0 Remote Code Execution (CVE-2022-42889) (4162)
- Fixed a display problem in the Admin Console related to the newly added Resource Editor feature (4361)
Version 6.6.0.0210 (February 10, 2023)
Features & Improvements
- Resource Editor for customizing any text in any language
- New message templates for token deactivation notice
- Supports login name format of "username@netbiosname" (4144)
- Move the credential provider filter from the computer logon client policy to the agent policy (4160)
- Improved performance of event logs (4202)
- Updated JQuery in the AppSSO module (4203)
- Added a new callback URL as a parameter to the SSO's logout URL (4231)
- Added a new "Logout URL" option to SSO Service Provider to be called at logout (4235)
- Reordered the SingleLogoutService URLS in the IDP Metadata (4279)
Bug Fixes
- Remember last login method did not always work (3957, 4290)
- SSO failed to prompt the PIN dialog when user verification is required (4150)
- FIDO2 registration failed with the error `Incorrect origin` if the reverse proxy is enabled in the IIS Agent (4153)
- Fixed several errors related to Oracle SQL (4194, 4196, 4288)
- OOBA completion caused an infinite loop (4204)
- Updating from Das v5.9.x to Das 6.5.5 caused the legacy DSS module to break (4286)
Version 6.5.5.1121 (November 21, 2022)
Bug Fixes
- SSO got stuck on the last step (4077)
- Some prompt and error messages were truncated ending "{0}" (4102)
Improvements
- Self-Service Console - the main menu is expanded by default (4074)
- Self-Service Console - if the user has no permissions at all on a section, such as Site Stamp, then the section is removed from the main menu (4070)
- Self-Service Console - add access control permissions to the user device section (4072)
Version 6.5.5.1028 (October 28, 2022)
Bug Fixes
- Error "Unknown Algorithm Name: PROX/TOTP" when upgrading from DualShield 5.9.x to DualShield 6.5.x (3991)
- Error "org.hibernate.NonUniqueObjectException" (3990)
- Error "java.lang.NullPointerException: Cannot invoke method tokenize() on null object" occurred when a new computer logon client is connected with an old MFA server (3984)
- Error "Cannot get property 'category' on null object" (4050)
- The Reset Password Service got an exception error when UPN was used as the login name (3993)
- The MFA server failed to initialize when AWS MySQL is being used (4025)
- The username autofill did not work in the Activate module in the DualShield Deployment Service (DDS) did not work (4033)
- Changing FQDN on Linux failed (4045)
Improvements
- Resource Editor for customization & localization (3877)
- Replaced port 8005 with port 18005 (3985)
- Added a new policy option 'Deployment Service URL' to the Self-Service Policy (4032)
- Added a new wildcard [[ACLINKUPN]] to the Activation Code message template (4036)
- Added Device Name and Device Group into the Device Filter in the Logon Policy (3915)
- Ready for FCM update in the MobileID/Android app (3989)
Version 6.5.4.0914 (Sept 14, 2022)
Bug Fixes
- Fixed a compatibility issue with the old versions of the DualShield Windows Logon client that caused error "Cannot set property 'ip' on null object" (3980)
Improvements
- The function "Enroll DeviceCert" in the DualShield Service Console is disabled on non-Windows OS (3959)
- Added a new token permission for "Export Token" and "Download DeviceCert" in the DualShield Service Console (3961)
Version 6.5.4.0909 (Sept 09, 2022)
Bug Fixes
- Outlook Anywhere occasionally created duplicated user accounts (3912)
- FIDO did not work with Safari on MacOS (3939)
- Failed to change AD user password via RADIUS/MS-CHAP (3950)
Features & Improvements
- Added "My Certificates" in DualShield Service Console (2582)
- Added "User Sign-In Devices" in DualShield Service Console (3829)
- Added Google Authenticator support for Parallel (3892)
- Added a new "Locale" policy (3888)
- Added Device Name and Device Group to the Device Filter in the Logon Policy (3915)
Version 6.5.3.0722 (July 22, 2022)
Bug Fixes
- The option "Sign on SAML Response" was wrongly enabled by default for IIS applications, and caused the issue "OWA Error - Invalid SAML Response: Signature wrapping attack, wrong URI...". It is now disabled by default (3823)
- The user agent filter in Logon policy doesn't work for WEB SSO (3789)
- SSO user interface customization did not work in some circumstances (3797)
- Creating authorization code in the admin console did not work (3805)
- in the SendOTP API, password is transmitted in clear text
- Deleted tokens were still listed in the service console (3827)
- After a user was access denied, switching to a different user was still access denied (3843)
- In the safe mode, all access control policies were still effective (3852)
Features & Improvements
- Added support for reCAPTCHA (3510)
- Added support for FIDO2 (3727)
- Added support for "StaticPass + OTP" in logins from non-RADIUS clients, e.g. LDAP Broker
- Added access control by the user device (3780)
- Added access control by geo velocity (3811)
- Added device filter to the logon policy (3496)
- Added geo velocity filter to the logon policy (3810)
- Added user sign-in device management in the admin console (3515)
- Version 6.5.2.0620 (June 20, 2022)
- Add the token name to the QR code of the MobileID token (3844)
- Repetition is disallowed in free navigation in GridID (3819)
Bug Fixes
- A bug in the WS-Federation protocol handler caused Office 365 Federated SSO to stop working properly (3794)
- Change to the "wreply" attribute in SSO Service Provider didn't take effect until the service restarted (3793)
- An incorrect policy could be used when there are multiple domains in a realm (3775)
- If an AD group is renamed, it became invisible in the DualShield admin console (3763)
- Web SSO could sometimes mistakenly use the DNA logon procedure (2416)
Features & Improvements
- Support Access Card authentication with Computer Logon v1.5 client
- Support FIDO2 authentication with Computer Logon v1.5 client (not with Web SSO) (3762, 3767)
- SSO Service Provider created by the IIS Agent will have the option "Sign on SAML Response" enabled by default (3764)
- Automatically migrate MobileID token to use default FCM with MobileID v6.1 app (3767)
Known Issues
This update introduced a problem below:
Expand | ||||||
---|---|---|---|---|---|---|
| ||||||
|
Version 6.5.2.0601 (June 01, 2022)
Bug Fixes
- Upgrading failed with SQL error when Dualshield is connected to an MS-SQL 2014 server (3757)
- IIS apps, e.g. OWA, got the error "Invalid SAML Response: Signature verified failed" after upgrading to DualShield 6.5.1 (3750)
- When signing in from a new device with an Outlook client, it doesn't trigger the device registration alert
- Cross-origin resource sharing: arbitrary origin trusted (3730)
- Logon request timed out in OOBA call in a system with 2 or more Dualshield backend servers (3734)
- The option InResponseTo was not functional and the attribute was always included in the SAML response (3484)
- Extra 'S' in the SSO URL after using the change FQDN feature to change the HTTP protocol (3658)
- Failed to generate the SAML response when both assertion and response are ticked for signature (3699)
- Did not include ClientIP in intrusion alert (3713)
- Import a full-chained certificate gets the error: Certificate not chained (3745)
- Assigning token in DAC got null pointer exception (3746)
- False error messages in das6.log: "The application's global logon procedure is not found: Desktop SSO" (3751)
- The DualShield Service Console displays Error 404 when the user has no permission in Token and Account in the Self Service Policy (3754)
- Reset token successfully but there is no confirmation on the screen at all (3756)
Features & Improvements
- Support WSFED for Outlook Web Access (OWA) and EAC (Exchange Access Console) (3758)
- Support multiple values of a SAML attribute (3648)
- Querying nested group membership took long time when checking roles and license (3709)
- New task for pushing MobileID download link in bulk by user group or domain (3718)
Version 6.5.1.0503 (May 03, 2022)
Features & Improvements
- Support Microsoft Remote Desktop Web Client (3674)
- Support TLS 1.3 (3703)
- MS-SQL JDBC driver upgraded to 10.2 (3681)
Bug Fixes
- DualShield with SQL server database upgrading to v6.5.0 failed (3671)
- Deleting and re-adding DeviceID tokens in the same user account caused the license count to increment (3488)
- The user search filter stopped working after moving to the next page (3645)
- Login via the Deepnet Authenticator (DNA) sometimes caused a deadlock (3653)
- OOBA by SMS and Call did not work in v6.5.0 (3679, 3880)
- The "Users have been inactive for n days" did not work (3690)
...
- DeviceID registration and renewal verification using Deepnet Authenticator (3469)
- Introduced DeviceID renewal (3469)
- Improved extraction of DeviceID properties (3473, 3525, 3563)
- Added FIDO2 support (3420)
- Travel velocity detection (3017)
- Replaced log4j with logback in the authentication server module (3447)
- Replaced log4j with logback in the certificate server module (3441)
- Upgraded log4j from 1.2.17 to 2.17.2 in the management console module (3451)
- New Device Sign-in support for Outlook Anywhere and ActiveSync (3516)
- New Device Sign-in support for Computer Logon (3528)
- New Device Sign-in support for Deepnet Authenticator (3529)
- Automatically renew the SSO certificate when the associated let's encrypt certificate has been renewed (3564)
- DualShield Deployment Service - support incoming username as a URL parameter 'username' (3582)
- DualShield SSO - support incoming username as the NameID attribute in the SAML request (3612)
- DualShield SSO - upgraded jquery to 3.6.0 (3590)
- Added "Send Activation Code via email" for DeviceID
Bug Fixes
- Failed to save the Product value in the task 'delete token by product' (3415)
- Error - "500:no enum constant com.deepnet.das.util.LogicalOperator", when navigating to Reports (3463)
- Error - "Gateway type not matched for TELEPHONE" in the Admin Console (3489)
- DualShield Service Console - user-defined token properties were not displayed for T-Pass and MobileID (3545)
- User's external status (Active/Disabled) change not reflected immediately (3561)
- Querying available channels for activation code raised exception (3565)
- LDAPBroker integration error: No signature of method (3569)
- In push token email, QR-Code is always included (3620)
- Searching LDAP user by internal attribute didn't work (3621)
- After LDAP user's internal attributes have been updated, DAC always shows the old values (3624)
Version 6.4.20.1215 (December 15, 2021)
Bug Fixes
- Failed to create new tokens for users who have no tokens (3438)
- Failed to work with DualShield IIS Agent if FQDN was changed in the past (3437)
- Log4J upgraded to 2.16 (3439)
...
- Add support for external SQL based user directory, e.g. Keycloak (3344, 3346)
- Release DualShield MyVD (Beta)
Bug Fixes
- In SSO, the delivery channels for the activation code were missing (3393)
- In SSO, error when attempting to register FIDO keys with PIN enabled (3328, 3376)
- In DAC, group search in the policy window did not work
- In DAC, executing the AUthentication Activity task failed (3414)
...
- Support Let's Encrypt
- Support Deepnet Authenticator in RADIUS logon
- Support UAC Prompt in the Windows Logon 6.2 and the Computer Logon 1.3
- Support Network Drive Map in the Windows Logon 6.2 and the Computer Logon 1.3
- Add new device access notification
- Add token assignment expiration notification
- Improve FQDN change and certificate change and renewal
- Improve performance in AD group membership lookup when there is a larger number of nested groups
- Administrators can generate the Authorisation Code in the admin console
- Tokens can be exported from the server and import into the Computer Logon Client to be used for offline logon
- Support SID as a form of user's login identity, along with SAM account name, down-level domain logon name and UPN
- Return a RADIUS attribute with multiple values as multiple attributes of the same name
Bug Fixes
- German umlaut letters caused errors in OOBA push authentication
- Audit Logs were not exported according to the display filter
- Preview of User Interface Customisation did not work properly
- MS-SQL deadlock at a high volume of traffic
- QR code is not displayed in Gmail
- Mapping the Personal Email identity attribute to an AD attribute got the error "Attribute is intrinsic"
- Intrusion Alert did not work
- WINSSO caused exception
- MobileID OOBA push message did not beep
- Renewing a self-signed certificate resulted in different self-signed certificates in different DualShield servers in a cluster
- Unable to set a default pin in token polices
- GridID asks for resetting path even if the mode is set to free navigation
- At login, the answer in Q&A was visible
- Many minor issues were fixed in the Admin Console
...
- Expiration notification service for AD password
- Device Quarantine UI for DevicePass, DeviceID and DeviceCert
- Organizations and users can publish custom applications on the SSO portal and Self-Sevice console.
Bug Fixes
- DualShield root CA did not have a CN
- When FQDN is being changed, its self-signed certificate is not updated
- In some cases, OOBA doesn't work on iOS devices if there are multiple DualShield servers in the system
- Alert messages do not appear in the Inbox
- Occasionally, creating a group policy caused Hibernate lazy init error
- On the DevicePass and DeviceCert activation page, Contact Info is missing
...
- Expiration notification service for token PIN and PATH
- Add "last access ip" into token
- Auto refresh user status after lockout period ends
- If the token does not have PIN, hide the "PIN" entry box
- Make "Enable Agent Registration" persistent across all DAS instances
- New UI for RADIUS server EAP options
- Add "System Info" to show info such as the version of Java, Tomcat and MySQL
- Enhance the Self-Service Policy so that the Self-Service Console can be completely customised
Bug Fixes
- At RADIUS logon, token auto provisioning did not work
- FaceSense enrollment shows black image on Mac
- Cannot download HOTP token in Deployment Service
- Scan QR code of HOTP token results "null in ocraSuite" error
- QR code of Google Authenticator was not displaying in the Deployment Service if Authorization Code is required
- Several reflected XSS in DSC, DUA and DRP modules
- Tomcat 9 error 400 includes the Tomcat version
- A possible hibernate SQL injection in the message search function in DAC and DMC
- After upgrade to 6.0, some newly tokens cannot be seen in the user account
- SAML SP attribute entry box does not accept manual entry
- Agent's Public URL cannot be set to empty
- Upgrading 2 DualShield servers simultaneously caused optimistic lock error
Version 6.1.0.0304
Bug Fixes
- Failed to register RADIUS server
- Failed to install DualShield on a machine where JAVA is already installed
- Unable to edit Radius Client when it is connected to multiple Radius Servers
...
- Deepnet Authenticator is now available for Web and Cloud applications
- New authentication method DeviceCert is now available for Web, and Cloud application as well as Modern Authentication for Office clients
- Smartcard certificate authentication method is now also available for Web and Cloud applications
- Changing FQDN is now availbale within the admin console.
- Changing and Renewing the certificate of the web consoles is now available within the Admin Console
- New option "Download Token in MobileID App" added to the MobileID policy
- New option "Remember last login username" added to the Logon policy
- New option "Remember last login methods" added to the Logon policy
Bug Fixes
- Downloading token from the MobileID app was malfunctional
- Remembering last logon methods did not work in a multi-step logon procedure
- Disabled users were allowed to reset password
- The system admin account (SA) was not allowed to login when the license key has expired
- Application Self Test failed with an incorrect error message
- The QR code for the Google and Microsoft Authenticator did not work
- Office 365 ECP login did not work
- Unable to add Base DN when creating a new Identity Source of OpenLDAP
- Password Reset did not work in OpenLDAP (ClearOS)
- Radius server association was lost after editing a radius client
- Selecting "MS-CHAP2" in RADIUS authentication caused RADIUS authencation to fail
- Installing DualShield on Linux without legacy components would fail
- The value of RelayState was not URL encoded
- HTTP proxy did not work
- SAML response did not include the correct value of the SAML attribute "SessionNotOnOrAfter", causing some SPs to terminate sessions within 5 minutes
- A CORS related issue
- Trying to unregister OOBA from the MobileID app caused a JSON error
- In the admin console, some passwords such as the Access User in the Identity Source was included in the data stream
- On an iOS device clicking "Download App" in DualShield Deployment Service (DDS) console took the user to Google Play
...