Release Notes
DualShield 5.9.1, Released on May 27, 2016
NOTICE
The major changes in v5.9.1 are:
- » Support Windows 10 OS logon
- » New DevicePass implementation
For Windows 10 users, you MUST upgrade your computer to the latest Windows update. Microsoft has fixed a bug that causes issues in the DualShield Windows Logon.
If you are a customer who has been using the DevicePass authentication, you MUST read this article carefully before proceeding to upgrade to v5.9.1.
BUG FIX
- » XSS Vulnerability
- » DevicePass failed to register on Mac
- » Fails to download tokens from Windows MobileID client
- » Error 404 when trying to download the MobileID app for USB flash drive from DPS
- » The "Lock to Domain" option in DevicePass did not work in all cases
- » In the IP filter, IP range 0.0.0.0-255.255.255.255 doesn't match any IP
- » Access Control policy does not work in Outlook Anywhere for Mac
- » After enabling/disabling syslog settings, DualShield has to be restarted
IIS Agent
- » When an IIS application has more than one URL binding, the redirect URL is not consistent.
- » Auto logon doesn't work sometimes (OWA 2013)
Windows Logon
- » Fix Windows 10 logon issues
- » Syntax Error when user name has apostrophe in Windows Logon
- » RDP remote connection hanging on "Please wait.. " page
- » DevicePass on RDP v6.3.9600 does not work
- » User needs to re-train TypeSense token in offline mode
- » Error E-CONNECT-CLIENT-AGENT occurs sometimes
- » DevicePass activation step is missing after registration
Mac Logon
- » Administrator is able to unlock the Mac machine when it is locked by a domain user
Outlook Anywhere/Mac
- » Authenticator list is empty sometimes due to empty DB file
- » Cursor cannot be focused on the passcode text field
DualShield Server
IMPROVEMENTS
- » Support 'status' in the token assignment batch import
Windows Logon
- » Use HTTPS between client & agent
- » Use Windows DPAPI to encrypt offline credentials
Mac Logon
- » Support 2FA for unlocking computer
- » TypeSense supported in offline mode
- » Support "Change Password"
Outlook Anywhere
- » Support Outlook 2016 on Mac
- » Support MAPI over HTTPS (Exchange 2016 + Outlook 2016)
DualShield Server
DualShield 5.9, Updated on December 22, 2015
BUG FIX
- » "User is not found" when loginname contains apostrophe in 2X logon
- » LDAPS URL mistakenly replaced by "https" if it contains ldaps in the domain name itself
- » Web logon with TypeSense only: only one domain is used when the realm contains more than one domain
- » Web logon with TypeSense only: did not check the type of TypeSense token. It should take "Web SSO" only
- » Linux console installer: when choosing to use an existing MySQL, the datasource URL becomes blank
- » Linux installer failed on Ubuntu 15 (15.04 or 15.10)
- » Linux installer supports software encryption only. It did not support the non-encryption option
IMPROVEMENTS
- » Domain in down-level login name will match either NetBIOS name or DNS name
- » Linux Installer: Insert hostname into /etc/hosts
DualShield 5.9, Updated on December 03, 2015
BUG FIX
- » DualShield does not report error when AD password reset failed.
- » Requesting ODP that requires static password (T-Pass) would fail if the password has expired
- » TypeSense verification would fail if the password has expired
- » Session timeout does not work on Management Console
- » In "Inbox", clicking any unread message pops up the error "Field 'message_id' doesn't have a default value"
- » GridID throws "String index out of range" exception when the "Wrap" option is unchecked
- » Alert "ne" operator causes exception
- » Alert operators haven't been implemented completely
- » Linux console installer failed with NDBCLUSTER engine error
- » DevicePass client updated to avoid virus warning
- » New attribute "clearPassword" can be added to SAML return (for SSO)
- » Fix ECP
- » The Password Reset module always failed with "User checksum error"
- » Editing "logon step" from application's context menu failed
DualShield 5.9, Released on September 28, 2015
NEW FEATURES
- » Support Access Card (Proximity Card) in Windows & Web Logon
- » Support FIDO U2F Authentication in Windows & Web Logon
- » Support Smartcard/Certificate authentication in Windows Logon
- » Support OOBA (Push to Accept) in RADIUS Logon
- » Support OOBA (Push to Accept) in Outlook for MAC
- » Support SAML/ECP
- » Support SAML 1.1
- » Support WS-Fed
- » Support IBM DB2
- » Support Fingerprinting with iOS devices
- » New Certificate Enrollment wizard for Windows
- » Unlock AD user when password is reset
- » New Password Reset module in DPS (DualShield Provisioning Server)
- » New Emergency Code module (DualShield Provisioning Server)
- » Added Grace Period support to DevicePass
IMPROVEMENTS
- » MySQL upgraded to v5.6 (new installation only, existing installation can only be migrated)
- » JVM upgraded to v7.0 (new installation only, existing installation needs to run the framework upgrade)
- » Tomcat upgraded to v8.0 (new installation only, existing installation needs to run the framework upgrade)
- » LDAP Broker supports combined methods, e.g. Password+OTP
- » New options in the Self-Service policy for the password reset & emergency code modules
- » Grace Period supports floating-point numbers
- » Added the option "Grace period applied to the first token only"
- » Support proxy in OOBA
- » Support OOBA authentication in cluster environment
- » Message gateway settings reloaded automatically in cluster environment
- » An alert can execute a task
- » Map NameID to SP attribute
- » Rename "Outlook Anywhere" method to "Enhanced Client"
- » Support multiple TypeSense tokens in Windows Logon
BUG FIX
- » Management Console was not fully compatible with IE
- » Nested Group search did not work
- » Error: Cannot get property 'tokenAssignment' on null object
- » Use PSHA256 or PSHA512 in OCRA would cause NullPointerException
- » Update stuck at creating backup folder if the installation path doesn't contain a space
- » OOBA caused null pointer exception during activation when there are multiple tokens
- » Emergency Code limit set to 0 caused problems
- » In Alert, ScriptEngine causes memory leak
- » User cannot set alert delivery channels to empty.
- » Oracle database connection lost after a period of idle
- » LDAP Failthru did not work
- » Canonical name search returned an LDAP error
- » SSO federation did not work
- » When OOBA register QR-code expired, clicking refresh doesn't recreate a new session
WINDOWS LOGON
- » When TypeSense is disabled, typing user name is very slow
- » FlashPass time setting did not work
- » Error "Expected a struct" when downloading the offline token
- » Challenge/Response did not display tokens
- » Windows Logon Agent connection status remains "Yes" when the agent machine's network card is disabled
- » When offline, Challenge/Response is not listed in the authentication methods
- » Error: "SQL logic error or missing database"
- » Reset Password failed on Windows Unlock screen
- » Change Password prompt did not display on Windows Unlock screen
- » Username prefill issue on Windows Unlock screen
MAC LOGON
- » When offline, token PIN did not work
- » Unlocking was very slow
OTHERS
- » And many more minor issues fixed...
DualShield 5.8.1, Released on December 22, 2014
Bug Fixes
- » Authentication Server: T-Pass did not work in "StaticPass + On-Demand Password"
- » RADIUS Server: Buffer overflow caused by Juniper
- » Mac Logon: OOBA on MacOS 10.10
- » Mac Logon: Accounting Mapping in C/R
- » Outlook Agent for Mac: Incorrect log when the AD password verification fails
Improvements
- » Mac Logon: Supports login name in UPN and down level domain name
- » Mac Logon: Token PIN supported in Offline logon
DualShield 5.8.1 (RC), Released on November 19, 2014
NEW FEATURES | IMPROVEMENTS | BUG FIXES |
---|---|---|
SERVER | ||
WINDOWS LOGON | ||
MAC LOGON | ||
IIS AGENT | ||
DualShield Server 5.8, Released on August 18, 2014
New Features
- » Windows Desktop to Web Single Sign-On
- » Out-of-Band Authentication - Mobile Push
- » Challenge/Response Authentication
- » LDAP Broker
- » Self-Service Password Reset
- » Self-Service Console customisation
- » Single Logon Page in SSO
- » UPN Suffix
- » Grace Period for ActiveSync DeviceID Activation
- » AD Password expiration notice
- » Include Machine Certificate in DevicePass Registration
Improvements
- » Browser & JAVA detection for DevicePass
- » Logon Name with UPN
- » Add Dial prefix to SMS/Telephone gateways
- » Add City and State info in Certificate Signing Request
- » Prevent users from deleting system policies
- » Allow user to recreate accidentally deleted system product policy
- » Improve token auto provisioning in RADIUS
- » Outlook Anywhere auto-closes the success page
- » DevicePass now supports iPad
- » Add user-agent, device os info to ActiveSyncDeviceID token
- » Support wildcard certificate in DualShield installation
Bug Fixes
- » Random session time out in SSO
- » If login name contains comma, LDAP query fails with exception
- » DevicePass failed with the latest Java installed
- » DevicePass failed in IE
- » Using "Computer Fingerprint" on a non java installed machine, the message box shows "DevicPass Web Client was not detected".
- » Certificate Applet failed with Java Security set to High
- » FlashPass failed with Java Security set to High
- » ADFS doesn't support
- » ADFS needs InResponseTo to appear in Response as attribute
- » Salesforce can't log in using principal name
- » Safari 5.1 (2002 for Windows) doesn't get the DevicePass applet
- » DevicePass installer does not pop up on a non-Java machine when using a non-IE browser
- » In logon policy, if 2FA is not required at all, user will still be asked to register DevicePass etc.
- » "An unexpected error has occurred" when using the Safari browser
- » After logging out, no "login again" link shown
- » Batch Deploy token failed
- » DPS wrongly detects IE 9 browser as IE 6.
- » When sending OTP through "telephone" channel, it fails.
DualShield Windows Logon 5.8, Released on August 18, 2014
New Features
- » Local Account mapping
- » Out-of-Band Authentication
- » Challenge/Response Authentication
- » Question/Answer Authentication
Improvements
- » Offline Logon
- » Logon with local account
Bug Fixes
- » Windows logon client crashed when user is asked to change AD password
- » RDP failed on Windows 2003
- » Password change did not work properly
- » DevicePass gets "Unspecified Error"
DualShield Mac Logon 5.8, Released on August 18, 2014
New Features
- » Out-of-Band Authentication
- » Challenge/Response Authentication
- » Question/Answer Authentication
Improvements
- » Offline Logon
- » Logon with local account
Bug Fixes
DualShield IIS Agent 5.8, Released on August 18, 2014
New Features
- » Bypass 2FA option
Improvements
- » Outlook Anywhere
- » IP Filter
Bug Fixes
DualShield Server 5.7.2, Released on 02/06/2014
New Features
- » Failthru as an authenticator and failthru policy
Improvements
- » Access Policy: support "X-Forwarded-For" proxy chain
- » SAML: added "InResponseTo" option in the SAML response
- » When creating a domain, allow token repository and image repository to be blank to use default values
- » Autocomplete="off" is set for password field
Bug Fixes
- » Failthru as OTP does not work when auth is set to "StaticPass+OTP" and "OTP+StaticPass"
- » Audit 'Login Name' field does not list incorrect username when download token on mobileID
- » Report failed with "No such property: long_col1 for class: com.deepnet.das.report.ReportData"
- » Message with empty password is sent out when "Require static password" is checked on T-pass token
- » DMC web page freezes when creating the logon procedure using the Application Wizard
- » Upgrade from 5.6 to 5.7 with Microsoft SQL Server failed
- » Identity Source page appears blank after one of the LDAP AD's password is updated.
- » Upgrade from 5.6.1.0909 to 5.7.1.1105 failed on Oracle database
- » Lockout policy doesn't count on E_RESPONSE_INCORRECT
- » DMC does not list the imported certificate authority information
- » After user's token assignment expired, the user will be able to login without using 2-factor authentication
- » SSO login using principal name: domain lookup failure
- » Salesforce SAML failed due to user name incorrectly filled when using principal name
- » LDAP user password expired or must change password error code is not returned, always got "credential incorrect".
- » Multiple AD password authentication attempts in one logon attempt
- » X-Forwarded-For is not handled correctly in SSO
DualShield Server 5.7, Released on 10/30/2013
New Features
- » DualFence - MFA for BYOD
- » Supports Syslog
- » Supports Google Authenticator
- » Apache Tomcat Integration
- » Scripting in RADIUS attribute and SAML SP attribute
Improvements
- » Dial Prefix
- » Application Wizard
- » TeleSign SMS & Voice Gateway
- » Active Directory Browsing Pagination
- » F5 BigIP support via SAML
- » New SAML signing option: sign on assertion or/and response
- » New T-Pass policy: Available Channels
- » New Session Variable: session.usedAuthenticators
- » RADIUS attributes can be bound to RADIUS clients
- » General performance
Bug Fixes
- » Users were able to request a certificate when the certificate request policy was set as 'Deny'
- » Exporting certificate to PKCS12 file did not ask for a new password
Windows Logon 5.6.1.1015, Updated on 10/15/2013
Bug Fixes
- » When typing username into appropriate field, the product automatically tabs down to the password field
DualShield Server 5.6, Updated on 09/26/2013
Bug Fixes
- » When a biometric token is not ready, trying to use it to logon caused the user account to be locked up.
- » Resetting a TypeSense token did not work if the user had downloaded the token to client machine
Improvements
- » Added a new event: TYPESENSE_TRAINING_FINISHED
- » Added a new policy option for Time-Based OTP Token: Enable Automatic Synchronisation
Windows Logon 5.6, Updated on 09/23/2013
Bug Fixes
- » While attached to the local network, it was possible to bypass two-factor authentication by changing the domain to the local machine name and then entering the domain UPN in the username field.
- » In some cases, the input focus was automatically moved to the password field while the user is entering their username
- » TypeSense policy was not synchronised with offline logon
Improvements
- » Improved message description of "E-TYPESENSE-TRAININGFAIL: 6: ks_data_parser return with error 1397752"
RADIUS Server 5.6, Updated on 09/17/2013
Bug Fixes
- » No RADIUS Access-Response on Aruba 3600 controller
Improvements
- » Allow unknown vendor-specific attribute to be empty
- » General performance
DualShield 5.6 SP6
New Features
- » Multi-selection of authenticators in RADIUS C/R
Improvements
- » Improve TOTP token out-sync handling
- » Improve TOTP auditing
- » Added new debug log options
- » System time drift detector
- » System low performance warning
- » System caches are reloaded automatically in clustering environment
- » Added X-Frame-Options to avoid clickjacking
- » Added F5 RADIUS attributes
- » RADIUS server performance
Bug Fixes
- » Upgrade from 5.3 to 5.6 got exception: "collection was not processed by flush()"
DualShield 5.6 SP5
New Features
- » 2X: Supports 2X native integration (2X Application Server v10.6)
- » RADIUS: New RADIUS client option: "Strip the realm from username at authentication"
- » RADIUS: Supports Password Change in RADIUS Challenge/Response
- » IIS Agent: IP Filter supports X-Forwarded-For
Improvements
- » Emergency Code can now be deleted
- » Windows Logon: Sometimes when starting the computer, only local computer shows up in the Domain list.
- » Outlook Anywhere: DualShield Outlook Anywhere client now supports Microsoft Outlook Client 2013
Bug Fixes
- » Windows Logon: on Windows 7, when a PC is locked, switching user and entering a wrong password will cause an infinite loop.
DualShield 5.6 SP4
New Features
- » Added "Token PIN" as an Authenticator for RADIUS-based applications.
- » Supports Token PIN Change in RADIUS Challenge/Response
Improvements
- » The length of a token's PIN can be variable.
DualShield 5.6 SP3
New Features
- » Added support for OpenLDAP
Improvements
- » DAS now checks access control policy when checking radius proxy policy
- » DAS now checks system RADIUS proxy policy when user is not found.
- » DAS now checks IP access control policy when checking radius proxy policy
- » Added "concat=5" to clickatell request to avoid error "Max message parts exceeded"
- » Made Identity Attribute 'type' editable
- » Windows Logon Agent installer: change the agent registration dialog, use server address and port. Avoid the http/https mistake
- » IIS Agent: Cross application pool authentication cache. Solved download offline address book issue.
Bug Fixes
- » The second date/time slot in an access control policy is not working
- » After user changed their info in DSS, user's info in DMC becomes uncertain.
- » DMC can't generate token PIN with letters
- » "User Must change Default PIN at Next Logon" does not work on MobileID & T-pass
- » Radius Command does not trigger T-pass token auto provisioning
- » Radius Proxy does not support long length password
- » Certificate Activation Code length and character requirements do not work
- » FlashPass Device Filter 'Allowed' & 'Denied' policy do not work properly
- » No logs in audit when a cached password is used to login
- » GridGo "Change Default Path" does not work
- » Resetting event-based SafeID token caused error
- » Some search filters for User don't work (Last Change Password, DN, etc)
- » 'Send AC to user when created or assigned' does not work on Certificate Policy
- » RADIUS attribute of the type Octets does not accept alphabetic letters
- » Batch assign token will skip some tokens if the import file contains more than one kind of products.
- » DMC: In Unit info dialog, the name field is showing the parent's name
- » DMC: Does not support the XML format for importing user
- » DMC: Lists duplicate delivery channels when clicking the 'Update' button on Token Activation Code Window
- » DMC: 'Save' action does not work after editing the Format and Priority on SMTP Message Template
- » DMC: Option 'Remove assigned tokens' does not work on "Delete Tokens by Product" Task
- » DMC: When completing a Certificate Request, got "Error: Parameter error: ['id' expected]"
- » DMC: Complete Certificate Request pops up an error "Parameter error id expected"
- » DMC: Some unsupported wildcards are listed in sms template
- » DMC: 'Token is not found' when manually request activation code on Certificate.
- » SSO: Got NullPointerException when no result item is in the server response
- » SSO: Q&A logon steps returns an error message
- » RADIUS Server: Password encoding algorithm is incorrect when password is longer than 16 bytes
- » Windows Logon: On Windows 8 and Windows Server 2012, the logon client's background was sometimes displayed incorrectly.
DualShield 5.6
New Features
- » Support IBM Domino Directory Server
- » Support IBM Tivoli Directory Server
- » Support IBM Tivoli Access Manager WebSEAL
- » Support 2X Application Server
- » Support password authentication for LDAP users via MSCHAP2
- » New policy option: Random Default PIN
- » Windows Logon: Support AD domain suffixes
- » Windows Logon: Support Single Sign-on (Windows 2008+)
Improvements
- » Windows Logon Agent installer: Auto Registration supported
- » RADIUS Server installer: Auto Registration supported
- » Reclaim user licenses from orphaned users.
- » License key transfer
- » Upgraded to Twitter API 1.1
- » Nested user group made visible in the Management Console
- » RadiusAttribute and RadiusProfile become public objects
- » Windows Phone 8 is recognized by provisioning server
- » DMC/DSS Logout event is logged
Bug Fixes
- » Creating certificate on Linux was extremely slow.
- » Sending the next OTP (T-Pass policy) did not work if MSCHAP2 was used in RADIUS and the authenticator was StaticPass+ODP
- » Audit export failed on Linux although it reported success.
- » Cryptokey firmware upgrade did not work
- » CryptoKey firmware options lost after restarting the DualShield service
- » Sending activation code caused exception "Error: Cannot get property 'options' on null object"
- » When pin was due to be changed, the GridGo credential was not checked when resetting pin
- » SafeID activation code was not sent when required by policy
- » DMC did not check a token’s email address in the Push Token function
- » Windows Logon: Access Control policy
DualShield 5.5 SP2
New Features
- » Offline tokens for Windows & Mac logon can be downloaded automatically.
Improvements
- » HTTP Proxy (of Message Gateways) did not work
- » MS-CHAP2-Success attribute in RADIUS response was not implemented correctly
- » Resetting Path for GridID generated error
- » Login to safe mode did not work in previous releases of 5.5
Bug Fixes
- » Email gateway checkboxes did not work
DualShield 5.5 SP1
New Features
- » Resetting GridGo Path in SSO
Improvements
- » New report template: "Users with Q&A Enabled"
- » New policy option "Generate Random Path for New Token" in GridGo Policy
- » New policy option "User Must Change Default Path at Next Logon" in GridGo Policy
- » New policy option "User Must Change Default PIN at Next Logon" in GridGo Policy
- » New policy option "Display Keypad" in GridGo Policy
- » Remove "Status" when assigning token to a user in DMC
- » New wildcards [[PIN]] and [[PATH]] in sending activation code template in DMC
- » New "User Must Reset Path at Next Logon" option in reset path window of DMC
- » Improve navigation by clicking grid cells of GridGo in SSO
- » Separated PIN input field when logging on with GridGo in SSO
- » Shows a navigator when keypad is not displayed in SSO
Bug Fixes
- » Email gateway checkboxes did not work
DualShield 5.5
New Features
- » ICE Logon Procedure
- » SSO Federation
- » Multiple Communication Gateways
- » AD Password Cache for Web & Windows Logon
- » FaceSense for Web & Windows Logon
- » VoiceSense for Web Logon
- » DevicePass for Windows Logon
- » Q & A for VPN Logon
Improvements
- » TFA for Outlook Anywhere vastly improved with both "Client-less" and "Client mode" options
- » AD Identity source authentication now supports User Principal Name (UPN) and Down-Level Logon Name (loginname@domainname and domainname\loginname)
- » New policy option "Maximum Number of Uses" in T-Pass
Bug Fixes
- » "Deploy Tokens" in Domain/Unit/Group caused exception
- » T-Pass did not use the channel policy option to send next OTP.
- » Setting domains of a role would clear all permits
- » Domains with identical NETBIOS name caused Cross-Realm Domain Access error
- » The TypeSense training 'reset' icon was missing from the Windows logon client x64 version
- » TFA bypassed if the UPN is used and the Enter key is pressed swiftly after username and password were entered
- » TFA bypassed if the login name was changed before the previous query returned.
- » If IPv6 enabled, Windows Logon configuration was not reloaded after the Save button is clicked.
DualShield 5.4 (SP3)
Bug Fixes
- » The Audit Purge task causes exception
DualShield 5.4 (SP2)
Bug Fixes
- » Registering GridID token in Self-service console causes exception
- » Backend & Frontend installation options did not work properly
New Features
- » "Deploy Tokens" will trigger the Client Provisioning policy option
DualShield 5.4 (SP1)
New Features
- » Q&A is supported in RADIUS
DualShield 5.4
Bug Fixes
- » MSCHAP2 did not work in RC2
- » TPASS via CHAP/MSCHAP2 did not work in all previous versions
- » Typesense only logon procedure password changing did not work properly.
- » Q&A policy option maxsize and throttle was not checked
- » Changing RADIUS attribute columns width caused exception in accounting/Radius report
- » When failed to change password (via SSO), the audit showed succeeded.
DualShield 5.4 RC2
Bug Fixes
- » Windows Logon was not functional in RC1
- » SMTP TLS authentication did not work
DualShield 5.4 RC1
New Features
- » Computer device authentication: DevicePass
- » USB flash drive authentication: FlashPass
- » Certificate authentication
- » Certificate management
- » RADIUS EAP/PEAP protocol
- » RADIUS accounting
- » Outlook Anywhere integration
- » Exchange ActiveSync integration
- » MobileID for Windows Phone
Improvements
- » Approximate Matching in Q & A
- » MobileID installer supports installation for current user only without admin privileges
- » When the SMTP server doesn't require authentication, the system still works even when the "require authentication" option is enabled in the SMTP server configuration
- » New "bytes" function added to support RADIUS attribute mapping from string to bytes (octets)
- » New "ReportResult" object added in role permits
- » Dictionary for Infoblox added into the RADIUS server
Bug Fixes
- » RADIUS logon: When the logon policy was set to "multi-factor is not required for all users", user could login with arbitrary password
- » Windows Logon: Token provisioning did not work properly
- » VMWare Logon: S_MFA_NOT_REQUIRED was incorrectly treated as failure
- » RADIUS server: If the value of an attribute was greater than 2^31, it was treated as a negative signed integer.
- » If "Valid for N minutes" was set to 0 in T-PASS policy, the code became invalid immediately.
- » When a user had no token, Q&A defined in the logon procedure was not listed
- » Role permit "Audit:view" did not work properly.
- » Using radius command ">email user" caused exception if the SMTP server cannot relay the message
- » Enhanced group membership checking to avoid looping membership
- » Batch assign token had an error in its statistics
- » Connecting a Radius proxy to Radius server caused exception "java.lang.ClassCastException"
- » Opening role list tab caused "Cannot invoke method join() on null object"
DualShield 5.3
New Features
- » Reporting
- » Application self-test
- » Default token PIN applied dynamically at runtime if it is required by the policy
- » New wildcard [PIN] in the Send OTP template
- » Reset LDAP user password via Management Console
- » RADIUS accounting port (1813) is supported
Improvements
- » The performance of AD connection is greatly improved
- » The performance of the SSO server is greatly improved
- » Login name is now case insensitive when authenticating via RADIUS/MSCHAP2
- » During Safe Mode, the management console is only accessible from local machine
- » When a user changed their static password, their TypeSense is automatically reset
- » Speed up authenticator listing at Windows logon
Bug Fixes
- » Pushing a token immediately generates an activation code, causing it to be always out of sync
- » Token auto-sync did not work
- » OTP in the "Register Token" did not work
- » Assigning token from self-service would cause "access denied - token:assign" error
- » Unable to unassign a token if the associated user is deleted in Active Directory
- » MobileID got an error message 'Compulsory attributes missing' and it fails to install on Java phone
- » Expiration of Emergency Code did not work properly
- » Searching LDAP users in OU did not work when the identity source's BaseDN is in different uppercase or lowercase to the LDAP server
- » MobileID token download page for iPhone/Android did not select the given domain by default
- » Windows logon did not reliably detect AD password expiration
DualShield 5.2
New Features
- » New Mac Logon Agent
- » New Access Control policy by IP addresses
- » New option for installing MobileID token onto iPhone and Android
- » Windows agent auto-discovery by DNS look-up
- » Windows client diagnosis tool
- » New task for changing token’s PIN
Improvements
- » RADIUS server now supports multi-character sets
- » Windows agent auto-discovery speeded up by local cache
- » RADIUS server logs the incoming request if its IP doesn't match any RADIUS client
Bug Fixes
- » RADIUS & VMWare View challenge response bug: sending OTP caused NULL pointer exception
- » Special characters in LDAP’s Access DN were not correctly escaped
- » Searching users with some filters caused exception
- » Windows offline token synchronisation
- » Windows agent uninstaller did not remove the local token database file
Known Issues
- » The option "Bypass two-factor authentication if the DualShield Server is not contactable" in the Windows Logon Agent does not function properly.
DualShield 5.2 RC2
New Features
- » Application Wizard
Improvements
- » Audit Export
- » IIS 7 Agent now supports 64-bit & 32-bit mixed mode
Bug Fixes
- » MobileID push and download URL were incorrect
- » A pending or expired token assignment was incorrectly counted as an active assignment
DualShield 5.2 RC1
New Features
- » Improved installer offering frontend & backend servers installation
- » Provisioning Server can be installed as a standalone server
- » Support multiple message templates
- » New offline policy for Windows logon
- » New IP Filter for the Windows logon agent
- » New IP Filter in the general logon policy
- » New VMWare View Agent
- » Import users from a CSV file
- » Import tasks from a script file
- » Support encrypted token seed file
- » Support agent auto registration
- » Safe Mode
Improvements
- » RADIUS authentication method now changed to logon procedure, offering C&R and real-time delivery of T-Pass one-time password in a multi-step logon procedure.
- » Support Token Auto-Provisioning in RADIUS logon
- » Policy options of Challenge Code moved to product
- » Support multiple tokens of different types in a single seed file
- » Provisioning Server detects Blackberry mobile phones
- » New feature, e.g. pushing token added to the self-service console
Bug Fixes
- » The Access User for LDAP had to reside in the Base DN
- » Server OTP in MobileID two-way authentication was incorrect
- » GPRS modem did not work
- » Authenticator list in Windows Logon went beyond domains in the realm
- » PIN history could not be disabled
- » Activation Code was not disabled after the token was downloaded
- » Challenge Code was not purged after expiration
DualShield 5.1
Bug Fixes
- » Login to the management console with an LDAP user may cause Hibernate Exception
- » The default policy and token attributes for a manually created authentication product are incomplete.
- » "Challenge Sent" in audit trail logged with wrong type "FAILURE"
- » The characters (\r\n) are not escaped in audit export file
Improvements
- » Introduce two new domain attributes: "DNS Name" and "NetBios Name" in order to support multiple domains in a realm that’s assigned to a Windows Logon application.
- » Record VPN client IP address in audit trail.
DualShield 5.1 RC2
Bug Fixes
- » Access Control for Unit is effective but time period did not work properly
- » After upgrading from old versions, an old policy created by previous versions may not contain newly introduced policy options
- » When logging in to the management console with an LDAP user, the group/unit query result may not be correct.
DualShield 5.1 RC1
New Features
- » Access Control policy
- » RADIUS authentication method: "Static Password >> Challenge/Response"
- » Set and reset PIN in RADIUS logon by new commands: >setpin and >resetpin
- » Set and reset PIN in SSO logon
- » Export and purge audit trail
- » Support encrypted RSA SecurID seed data
- » Support VASCO DigiPass tokens
- » Support Oracle database
- » Support PostgreSQL
Improvements
- » MobileID client and token provisioning
- » PIN policy moved to product policy
- » "Require Static Password" option moved from logon procedure to T-Pass policy
- » Other minor improvements
Bug Fixes
- » SSL/HTTPS installation
- » Requesting OTP via RADIUS commands, e.g. >sms did not work
- » RADIUS attributes/profile attached to groups and units did not work
- » Sending Emergency Code by SMS results in "Communicator error"
- » RADIUS authentication "Static Password >> OTP" did not work with T-Pass
- » RADIUS authentication "Static Password >> OTP" did not work with GridID
- » Failthru authentication needs a dummy OTP token
- » Other minor bugs
Known Issues
- » Challenge & Response does not work on MobileID/iPhone
- » Challenge & Response with PIN does not work on all MobileID clients
- » Failthru as OTP does not work with "Static Password + OTP" and "OTP + Static Password"