You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 52 Next »

Version 6.5.2.0620 (June 20, 2022)

Bug Fixes

  • A bug in the WS-Federation protocol handler caused Office 365 Federated SSO to stop working properly (3794)
  • Change to the "wreply" attribute in SSO Service Provider didn't take effect until the service restarted (3793)
  • An incorrect policy could be used when there are multiple domains in a realm (3775)
  • If an AD group is renamed, it became invisible in the DualShield admin console (3763)
  • Web SSO could sometimes mistakenly use the DNA logon procedure (2416)

Features & Improvements

  • Support Access Card authentication with Computer Logon v1.5 client 
  • Support FIDO2 authentication with Computer Logon v1.5 client (not with Web SSO) (3762, 3767)
  • SSO Service Provider created by the IIS Agent will have the option "Sign on SAML Response" enabled by default (3764)
  • Automatically migrate MobileID token to use default FCM with MobileID v6.1 app (3767)

Known Issues

This update introduced a bug below:


Version 6.5.2.0601 (June 01, 2022)

Bug Fixes

  • Upgrading failed with SQL error when Dualshield is connected to an MS-SQL 2014 server (3757)
  • IIS apps, e.g. OWA, got the error "Invalid SAML Response: Signature verified failed" after upgrading to DualShield 6.5.1 (3750)
  • When signing in from a new device with an Outlook client, it doesn't trigger the device registration alert
  • Cross-origin resource sharing: arbitrary origin trusted (3730)
  • Logon request timed out in OOBA call in a system with 2 or more Dualshield backend servers (3734)
  • The option InResponseTo was not functional and the attribute was always included in the SAML response (3484)
  • Extra 'S' in the SSO URL after using the change FQDN feature to change the HTTP protocol (3658)
  • Failed to generate the SAML response when both assertion and response are ticked for signature (3699)
  • Did not include ClientIP in intrusion alert (3713)
  • Import a full-chained certificate gets the error: Certificate not chained (3745)
  • Assigning token in DAC got null pointer exception (3746)
  • False error messages in das6.log:  "The application's global logon procedure is not found: Desktop SSO" (3751)
  • The DualShield Service Console displays Error 404 when the user has no permission in Token and Account in the Self Service Policy (3754)
  • Reset token successfully but there is no confirmation on the screen at all (3756)

Features & Improvements

  • Support WSFED for Outlook Web Access (OWA) and EAC (Exchange Access Console) (3758)
  • Support multiple values of a SAML attribute (3648)
  • Querying nested group membership took long time when checking roles and license (3709)
  • New task for pushing MobileID download link in bulk by user group or domain (3718)

Version 6.5.1.0503 (May 03, 2022)

Features & Improvements

  • Support Microsoft Remote Desktop Web Client (3674)
  • Support TLS 1.3 (3703)
  • MS-SQL JDBC driver upgraded to 10.2 (3681)

Bug Fixes

  • DualShield with SQL server database upgrading to v6.5.0 failed (3671)
  • Deleting and re-adding DeviceID tokens in the same user account caused the license count to increment (3488)
  • The user search filter stopped working after moving to the next page (3645)
  • Login via the Deepnet Authenticator (DNA) sometimes caused a deadlock (3653)
  • OOBA by SMS and Call did not work in v6.5.0 (3679, 3880)
  • The "Users have been inactive for n days" did not work (3690)

Version 6.5.0.0401 (April 1, 2022)

New Features

  • DeviceID registration and renewal verification using Deepnet Authenticator (3469)
  • Introduced DeviceID renewal (3469)
  • Improved extraction of DeviceID properties (3473, 3525, 3563)
  • Added FIDO2 support (3420)
  • Travel velocity detection (3017)
  • Replaced log4j with logback in the authentication server module (3447)
  • Replaced log4j with logback in the certificate server module (3441)
  • Upgraded log4j from 1.2.17 to 2.17.2 in the management console module (3451)
  • New Device Sign-in support for Outlook Anywhere and ActiveSync (3516)
  • New Device Sign-in support for Computer Logon (3528)
  • New Device Sign-in support for Deepnet Authenticator (3529)
  • Automatically renew the SSO certificate when the associated let's encrypt certificate has been renewed (3564)
  • DualShield Deployment Service - support incoming username as a URL parameter 'username' (3582)
  • DualShield SSO - support incoming username as the NameID attribute in the SAML request (3612)
  • DualShield SSO - upgraded jquery to 3.6.0 (3590)
  • Added "Send Activation Code via email" for DeviceID

Bug Fixes

  • Failed to save the Product value in the task 'delete token by product' (3415)
  • Error - "500:no enum constant com.deepnet.das.util.LogicalOperator", when navigating to Reports (3463)
  • Error - "Gateway type not matched for TELEPHONE" in the Admin Console (3489)
  • DualShield Service Console - user-defined token properties were not displayed for T-Pass and MobileID (3545)
  • User's external status (Active/Disabled) change not reflected immediately (3561)
  • Querying available channels for activation code raised exception (3565)
  • LDAPBroker integration error: No signature of method (3569)
  • In push token email, QR-Code is always included (3620)
  • Searching LDAP user by internal attribute didn't work (3621)
  • After LDAP user's internal attributes have been updated, DAC always shows the old values (3624)

Version 6.4.20.1215 (December 15, 2021)

Bug Fixes

  • Failed to create new tokens for users who have no tokens (3438)
  • Failed to work with DualShield IIS Agent if FQDN was changed in the past (3437)
  • Log4J upgraded to 2.16  (3439)

Version 6.4.20.1212

This update is produced in reaction to the Log4j2 RCE Vulnerability 

This update includes the following changes:

1. Log4j is completely removed from the SSO server (the frontend) in the DualShield platform

2. Log4j 2 is completely removed from the authentication server (the backend) in the DualShield platform. Log4j 1.2.17 is kept as it can't be easily upgraded yet, but it is not susceptible to this vulnerability.

3. Log4j 2 in the certificate server (frontend) has been upgraded to the latest log4j 2.15 which has fixed this vulnerability.

Version 6.4.20.1129 (November 29, 2021)

New Features

  • Add support for external SQL based user directory, e.g. Keycloak (3344, 3346)
  • Release DualShield MyVD (Beta)

Bug Fixes

  • In SSO, the delivery channels for the activation code were missing (3393)
  • In SSO, error when attempting to register FIDO keys with PIN enabled (3328, 3376)
  • In DAC, group search in the policy window did not work
  • In DAC, executing the AUthentication Activity  task failed (3414)

Version 6.4.20.1029

New Features

  • Support Let's Encrypt
  • Support Deepnet Authenticator in RADIUS logon
  • Support UAC Prompt in the Windows Logon 6.2 and the Computer Logon 1.3
  • Support Network Drive Map in the Windows Logon 6.2 and the Computer Logon 1.3
  • Add new device access notification
  • Add token assignment expiration notification
  • Improve FQDN change and certificate change and renewal
  • Improve performance in AD group membership lookup when there is a larger number of nested groups
  • Administrators can generate the Authorisation Code in the admin console
  • Tokens can be exported from the server and import into the Computer Logon Client to be used for offline logon
  • Support SID as a form of user's login identity, along with SAM account name, down-level domain logon name and UPN
  • Return a RADIUS attribute with multiple values as multiple attributes of the same name

Bug Fixes

  • German umlaut letters caused errors in OOBA push authentication
  • Audit Logs were not exported according to the display filter
  • Preview of User Interface Customisation did not work properly
  • MS-SQL deadlock at a high volume of traffic
  • QR code is not displayed in Gmail
  • Mapping the Personal Email identity attribute to an AD attribute got the error "Attribute is intrinsic"
  • Intrusion Alert did not work
  • WINSSO caused exception
  • MobileID OOBA push message did not beep
  • Renewing a self-signed certificate resulted in different self-signed certificates in different DualShield servers in a cluster
  • Unable to set a default pin in token polices
  • GridID asks for resetting path even if the mode is set to free navigation
  • At login, the answer in Q&A was visible
  • Many minor issues were fixed in the Admin Console

Version 6.3.0.0611

New Features

  • Expiration notification service for AD password
  • Device Quarantine UI for DevicePass, DeviceID and DeviceCert
  • Organizations and users can publish custom applications on the SSO portal and Self-Sevice console.

Bug Fixes

  • DualShield root CA did not have a CN
  • When FQDN is being changed, its self-signed certificate is not updated
  • In some cases, OOBA doesn't work on iOS devices if there are multiple DualShield servers in the system
  • Alert messages do not appear in the Inbox
  • Occasionally, creating a group policy caused Hibernate lazy init error
  • On the DevicePass and DeviceCert activation page, Contact Info is missing

Version 6.2.0.0419

New Features

  • Expiration notification service for token PIN and PATH
  • Add "last access ip" into token
  • Auto refresh user status after lockout period ends
  • If the token does not have PIN, hide the "PIN" entry box
  • Make "Enable Agent Registration" persistent across all DAS instances
  • New UI for RADIUS server EAP options
  • Add "System Info" to show info such as the version of Java, Tomcat and MySQL
  • Enhance the Self-Service Policy so that the Self-Service Console can be completely customised

Bug Fixes

  • At RADIUS logon, token auto provisioning did not work
  • FaceSense enrollment shows black image on Mac
  • Cannot download HOTP token in Deployment Service
  • Scan QR code of HOTP token results "null in ocraSuite" error
  • QR code of Google Authenticator was not displaying in the  Deployment Service if Authorization Code is required
  • Several reflected XSS in DSC, DUA and DRP modules
  • Tomcat 9 error 400 includes the Tomcat version
  • A possible hibernate SQL injection in the message search function in DAC and DMC
  • After upgrade to 6.0, some newly tokens cannot be seen in the user account
  • SAML SP attribute entry box does not accept manual entry
  • Agent's Public URL cannot be set to empty
  • Upgrading 2 DualShield servers simultaneously caused optimistic lock error

Version 6.1.0.0304

Bug Fixes

  • Failed to register RADIUS server 
  • Failed to install DualShield on a machine where JAVA is already installed
  • Unable to edit Radius Client when it is connected to multiple Radius Servers

Version 6.1.0.0301

New Features

  • Deepnet Authenticator is now available for Web and Cloud applications
  • New authentication method DeviceCert is now available for Web, and Cloud application as well as Modern Authentication for Office clients
  • Smartcard certificate authentication method is now also available for Web and Cloud applications
  • Changing FQDN is now availbale within the admin console.  
  • Changing and Renewing the certificate of the web consoles is now available within the Admin Console
  • New option "Download Token in MobileID App" added to the MobileID policy
  • New option "Remember last login username" added to the Logon policy
  • New option "Remember last login methods" added to the Logon policy

Bug Fixes

  • Downloading token from the MobileID app was malfunctional
  • Remembering last logon methods did not work in a multi-step logon procedure
  • Disabled users were allowed to reset password 
  • The system admin account (SA) was not allowed to login when the license key has expired
  • Application Self Test failed with an incorrect error message
  • The QR code for the Google and Microsoft Authenticator did not work
  • Office 365 ECP login did not work
  • Unable to add Base DN when creating a new Identity Source of OpenLDAP
  • Password Reset did not work in OpenLDAP (ClearOS)
  • Radius server association was lost after editing a radius client
  • Selecting "MS-CHAP2" in RADIUS authentication caused RADIUS authencation to fail
  • Installing DualShield on Linux without legacy components would fail
  • The value of RelayState was not URL encoded
  • HTTP proxy did not work
  • SAML response did not include the correct value of the SAML attribute "SessionNotOnOrAfter", causing some SPs to terminate sessions  within 5 minutes
  • A CORS related issue
  • Trying to unregister OOBA from the MobileID app caused a JSON error
  • In the admin console, some passwords such as the Access User in the Identity Source was included in the data stream
  • On an iOS device clicking "Download App" in DualShield Deployment Service (DDS) console took the user to Google Play

Version 6.0.0.1008

DualShield 6 is the new generation of the DualShield MFA Platform, and DualShield 6.0.0.1008 is the first release of DualShield 6.

All of the web consoles in DualShield have been completely rewritten using the latest web technologies. 

DualShield 6 ConsolesAbbreviationPortURLDualShield 5 ConsolesAbbreviationPortURL
DualShield Administration ConsoleDAC8073https://fqdn:8073/dacDualShield Management ConsoleDMC8073https://fqdn:8073/dmc
DualShield SSO ServerSSO8074, 8075https://fqdn:8074/ssoDualShield SSO Server APPSSO8074, 8075https://fqdn:8074/appsso
DualShield Depolyment ServiceDDS8076https://fqdn:8076/ddsDualShield Provisioning ServerDPS8072https://fqdn:8072/dps
DualShield Service ConsoleDSC8076https://fqdn:8076/dscDualShield Self-Service ConsoleDSS8076https://fqdn:8076/dss
DualShield Reset Password ServiceDRP8076https://fqdn:8076/drpDualShield Reset Password ServiceDRP8076https://fqdn:8076/dps
DualShield Unlock Account ServiceDUA8076https://fqdn:8076/duaDualShield Unlock Account ServiceDUA8076https://fqdn:8076/dps
DualShield Emergency Access ServiceDEA8076https://fqdn:8076/deaDualShield Emergency Access ServiceDEA8076https://fqdn:8076/dps

There are many improvements and bug fixes in DualShield 6, such as

  • Linux logon client that supports offline 2FA logon
  • A new option to prevent naming guessing in the Web logon process 
  • Using email address as the login name instead of UPN
  • A new face recognition engine with improved FAR and FRR
  • Change FQDN by one click in the admin console
  • Change and renew web console certificate in the admin console

There are also some new key features & functions been introduced into DualShield 6:

  • Localization: DualShield 6 supports international languages
  • Customization: DualShield provides more flexible and convenient UI customization which will survive future upgrades
  • DeviceCert Authenticator: A new generation of device fingerprinting technology that supports multiple platforms including Windows, Mac, iOS and Android, and multiple applications including Office 365.
  • Deepnet Authenticator: A new innovative MFA authentication app that delivers a unified MFA experience across devices and operating systems.

However, those new key features are yet to be perfected in the upcoming new updates of DualShield 6 in the near future. 

Change Logs

6.0.0.1008

- Fix replacing console web certificate did not accept wild card certificate

- Fix replacing console web certificate with a server certificate in the repository

- Fix EAP settings was lost after upgrading from 5.9 versions

6.0.0.1007

- Fix changing FQDN # If the original FQDN includes capital letters then changing FQDN did not work properly.

6.0.0.1006

- Fix EAP settings # EAP settings were not saved properly, causing Radius clients such as NetMotion unable to connect

6.0.0.1005

First release of DualShield 6.0


  • No labels