Release Notes

DualShield 5.9.2, Released on November 07, 2016

MAJOR CHANGES

  • » New framework update includes JRE 8.0.920.14 and TOMCAT 8.0
  • » MySQL upgraded to 5.7
  • » Logon Procedure can be customised & applied to user groups
  • » Windows/Mac Logon Agent can be published & accessible over the Internet
  • » Windows Offline Logon supports FIDO U2F keys
  • » Session settings in the IIS Agent are now controlled by the Session policy in DualShield server

BUG FIX


DualShield Server
  • » Email address & phone number in the T-Pass token can't be updated in the self-service portal
  • » The Contact Info field was missing from the FIDO token policy
  • » The HTML Format option in SMTP message template does not work
  • » T-Pass "Send the next OTP as soon as the current OTP is used" doesn't work
  • » User cannot modify the password remembered by web browsers; it will always auto submit when you try to modify it
  • » SSO - Pressing Enter clears the username field
  • » Inactive ActiveX devicepass has to be activated/deleted in order to register a new device pass token
  • » FIDO U2F doesn't work with Chrome Version 52.0.2743.116 (64-bit)
  • » Outlook Web Access logon fails when the logon procedure is set as "Single Page"
  • » Authentication terminates when sending ODP fails

IIS Agent
  • » The "Timeout Always" option did not work for OWA, RDWeb, SharePoint etc.
  • » Multiple Outlook Anywhere applications were not supported

Windows Logon
  • » Token PIN containing "&" caused offline token sync error

Mac Logon

Outlook Anywhere for Mac
  • » Failed to launch Outlook 2FA after MS Outlook updated
  • » Creating meeting invitation always prompts the login dialog
  • » Force quit does not quit Outlook 2FA properly
  • » Authentication terminated when DAS server is offline
  • » Authentication window pops up more than once at the same time

IMPROVEMENTS


    DualShield Server
  • » Logon Procedure can be customised & applied to user groups
  • » Modules to be displayed on the Provisioning Portal by the Self-Service policy
  • » New test functions added to the gateways in the Management Console
  • » QR code display added to the MobileID token in the Management Console
  • » Add PIN option to the FIDO token policy
  • » Detect if the external SQL server is offline
  • » New schedule edit in the task editor
  • » New QR CODE wildcard added to the message templates

IIS Agent
  • » Session settings in the IIS Agent are now controlled by the Session policy in DualShield server
  • » ActiveSync session is identified by DeviceID, so that audit data is reduced
  • » Terminates a session as soon as the grace period has expired
  • » New option for detecting over active accounts
  • » New tool for dumping session details in real time

Windows Logon
  • » Windows/Mac Logon Agent can be published & accessible over the Internet
  • » Windows Offline Logon supports FIDO U2F token
  • » Added PIN support to FIDO token

Mac Logon
  • » Windows/Mac Logon Agent can be published & accessible over the Internet
  • » Added support for notification of password expiration

Outlook Anywhere for Mac
  • » Prefill password
  • » Auto login when computer fingerprint is being used as the 2nd factor
  • » Improved message box

DualShield 5.9.1, Released on May 27, 2016

NOTICE

The major changes in v5.9.1 are:

  • » Support Windows 10 OS logon
  • » New DevicePass implementation

For Windows 10 users, you MUST upgrade your computer to the latest Windows update. Microsoft has fixed a bug that causes issues in the DualShield Windows Logon.

If you are a customer who has been using the DevicePass authentication, you MUST read this article carefully before proceeding to upgrade to v5.9.1.

BUG FIX


    DualShield Server
  • » XSS Vulnerability
  • » DevicePass failed to register on Mac
  • » Fails to download tokens from Windows MobileID client
  • » Get error 404 when trying to download MobileID app for USB flash drive from DPS
  • » The "Lock to Domain" option in DevicePass did not work in all cases
  • » In the IP filter, IP range 0.0.0.0-255.255.255.255 doesn't match any IP
  • » Access Control policy does not work in Outlook Anywhere for Mac
  • » After enabling/disabling syslog settings, DualShield has to be restarted

    IIS Agent
  • » When IIS application has more than one URL bindings, the redirect URL is not consistent.
  • » Auto logon doesn't work sometimes (OWA 2013)

    Windows Logon
  • » Fix Windows 10 logon issues
  • » Syntax Error when user name has apostrophe in Windows Logon
  • » RDP remote connection hanging on "Please wait.. " page
  • » DevicePass on RDP v6.3.9600 does not work
  • » User needs to re-train TypeSense token in offline mode
  • » Error E-CONNECT-CLIENT-AGENT occurs sometimes
  • » Device Pass activation step is missing after registration

    Mac Logon
  • » Administrator is able to unlock the mac machine when it is locked by a domain user

    Outlook Anywhere/Mac
  • » Authenticator list is empty sometimes due to empty DB file
  • » Cursor cannot be focused on the passcode text field

IMPROVEMENTS


    DualShield Server
  • » Support 'status' in the token assignment batch import

    Windows Logon
  • » Use HTTPS between client & agent
  • » Use Windows DPAPI to encrypt offline credentials

    Mac Logon
  • » Support 2FA for unlocking computer
  • » TypeSense supported in offline mode
  • » Support "Change Password"

    Outlook Anywhere
  • » Support Outlook 2016 on Mac
  • » Support MAPI over HTTPS (Exchange 2016 + Outlook 2016)

DualShield 5.9, Updated on December 22, 2015

BUG FIX

  • » "User is not found" when loginname contains apostrophe in 2X logon
  • » LDAPS URL mistakenly replaced by "https" if it contains ldaps in the domain name itself
  • » Web logon with TypeSense only: only one domain is used when the realm contains more than one domain
  • » Web logon with TypeSense only: did not check the type of TypeSense token. It should take "Web SSO" only
  • » Linux console installer: when selecting to use an existing MySQL, the datasource URL becomes blank
  • » Linux installer failed on Ubuntu 15 (15.04 or 15.10)
  • » Linux installer supports software encryption only. It did not support the non-encryption option

IMPROVEMENTS

  • » Domain in down-level login name will match either NetBIOS name or DNS name
  • » Linux Installer: Insert hostname into /etc/hosts

DualShield 5.9, Updated on December 03, 2015

BUG FIX

  • » DualShield does not report error when AD password reset failed.
  • » Requesting ODP that requires static password (T-Pass) would fail if the password has expired
  • » TypeSense verification would fail if the password has expired
  • » Session timeout does not work on Management Console
  • » In "Inbox", clicking any unread message pops up error "Field 'message_id' doesn't have a default value"
  • » GridID throws "String index out of range" exception when the "Wrap" option is unchecked
  • » Alert "ne" operator causes exception
  • » Alert operators haven't been implemented completely
  • » Linux console installer failed with NDBCLUSTER engine error
  • » DevicePass client updated to avoid virus warning
  • » New attribute "clearPassword" can be added to SAML return (for SSO)
  • » Fix ECP
  • » The Password Reset module always failed with "User checksum error"
  • » Editing "logon step" from application's context menu failed

DualShield 5.9, Released on September 28, 2015

NEW FEATURES

  • » Support Access Card (Proximity Card) in Windows & Web Logon
  • » Support FIDO U2F Authentication in Windows & Web Logon
  • » Support Smartcard/Certificate authentication in Windows Logon
  • » Support OOBA (Push to Accept) in RADIUS Logon
  • » Support OOBA (Push to Accept) in Outlook for MAC
  • » Support SAML/ECP
  • » Support SAML 1.1
  • » Support WS-Fed
  • » Support IBM DB2
  • » Support Fingerprinting with iOS devices
  • » New Certificate Enrollment wizard for Windows
  • » Unlock AD user when password is reset
  • » New Password Reset module in DPS (DualShield Provisioning Server)
  • » New Emergency Code module (DualShield Provisioning Server)
  • » Added Grace Period support to DevicePass

IMPROVEMENTS

  • » MySQL upgraded to v5.6 (new installation only, existing installation can only be migrated)
  • » JVM upgraded to v7.0 (new installation only, existing installation needs to run the framework upgrade)
  • » Tomcat upgraded to v8.0 (new installation only, existing installation needs to run the framework upgrade)
  • » LDAP Broker supports combined methods, e.g. Password+OTP
  • » New options in the Self-Service policy for the password reset & emergency code modules
  • » Grace Period supports floating point number
  • » Added the option "Grace period applied to the first token only"
  • » Support proxy in OOBA
  • » Support OOBA authentication in cluster environment
  • » Message gateway settings reloaded automatically in cluster environment
  • » An alert can execute a task
  • » Map NameID to SP attribute
  • » Rename "Outlook Anywhere" method to "Enhanced Client"
  • » Support multiple TypeSense tokens in Windows Logon

BUG FIX

  • » Management Console was not fully compatible with IE
  • » Nested Group search did not work
  • » Error: Cannot get property 'tokenAssignment' on null object
  • » Use PSHA256 or PSHA512 in OCRA would cause NullPointerException
  • » Update stuck at creating backup folder if the installation path doesn't contain a space
  • » OOBA caused null pointer exception during activation when there are multiple tokens
  • » Emergency Code limit set to 0 caused problems
  • » In Alert, ScriptEngine causes memory leak
  • » User cannot set alert delivery channels to empty.
  • » Oracle database connection lost after a period of idle
  • » Ldap Failthru did not work
  • » Canonical name search returned a LDAP error
  • » SSO federation did not work
  • » When OOBA register QR-code expired, clicking refresh doesn't recreate a new session

  • WINDOWS LOGON

  • » When typesense is disabled, typing user name is very slow
  • » FlashPass time setting did not work
  • » Error "Expected a struct" when downloading the offline token
  • » Challenge/Response did not display tokens
  • » Windows Logon Agent connection status remains "Yes" when the agent machine's network card is disabled
  • » When offline, Challenge/Response is not listed in the authentication methods
  • » Error: "SQL logic error or missing database"
  • » Reset Password failed on Windows Unlock screen
  • » Change Password prompt did not display on Windows Unlock screen
  • » Username prefill issue on Windows Unlock screen

  • MAC LOGON

  • » When offline, token PIN did not work
  • » Unlocking was very slow

  • OTHERS

  • » And many more minor issues fixed...

DualShield 5.8.1, Released on December 22, 2014

Bug Fixes

  • » Authentication Server: T-Pass did not work in "StaticPass + On-Demand Password"
  • » RADIUS Server: Buffer overflow caused by Juniper
  • » Mac Logon: OOBA on MacOS 10.10
  • » Mac Logon: Accounting Mapping in C/R
  • » Outlook Agent for Mac: Incorrect log when the AD password verification fails

Improvements

  • » Mac Logon: Supports login name in UPN and down level domain name
  • » Mac Logon: Token PIN supported in Offline logon

DualShield 5.8.1 (RC), Released on November 19, 2014

NEW FEATURES IMPROVEMENTS BUG FIXES
SERVER
  • » Emergency Code Management
  • » Question & Answers Management
  • » Windows Unlock Policy
  • » "Use Cached Password" option in Logon Policy
  • » "Login Name Format" option in SSO Service Provider
  • » "One Time Use" option in SSO Service Provider
  • » Check duplication in domains' DNS names
  • » When an admin pushes out a token on a specific channel, then failover should take effect if it fails.
  • » PIN synchronisation with Windows logon client
  • » Offline policy synchronisation with Windows logon client
  • » "User Must Change Default PIN at Next Logon" should also take effect when "Generate Random PIN" option is on
  • » Set "Autocomplete=off" in all password fields
  • » Reset PIN in DMC will not check PIN history
  • » Unexpected error occurred on FlashPass Device
  • » SSO displays session timeout immediately when connected by a 3rd-party SP
  • » Sometimes generated two software tokens with an identical number
  • » Search filter "not equals" doesn't work
  • » HOTP module policy enableAutoSync causes token synchronisation problem
  • » DualShield did not check token's mobile phone number
  • » Reset password page crashed in DSS
  • » Cache password doesn't work when changing password
  • » CHAP/MSCHAP2 StaticPass+OTP doesn't work when LDAP password is cached
  • » User with special characters in password cannot login to DPS
  • » Ldap identity source error when opening users
  • » Single Page logon reports error when only one logon step (with multiple tokens) is set
  • » User failed to log on to Outlook client even though two-factor authentication succeeded
  • » Redirect error on OWA 2013 because of URL encoding
  • » Need to auto sync licenses across multiple DAS server
  • » On Windows logon, if 2FA is not required, "lastLogin" was not updated
WINDOWS LOGON
  • » Options for Windows Unlock
  • » Token PIN supported for Offline logon
  • » Offline detection and handling
  • » Offline policies are downloaded when tokens are manually downloaded
  • » Password was not cached when changing password
  • » Windows Logon Manager crashed if it was not running as administrator
  • » When typesense was disabled, typing user name was very slow
MAC LOGON
  • » Grid Card authentication
  • » OOBA authentication
  • » Challenge/Response authentication
  • » Distinguish local account from domain account
  • » Support token PIN change
  • » Support token activation
  • » Support local account mapping
  • » Support the "Bypass 2FA" option
  • » Synchronization error when offline
  • » Account Mapping failed when mapped to a managed user
  • » Enforce 2FA offline did not work properly
  • » Typing user name could be very slow
IIS AGENT
  • » Support Outlook Anywhere for Mac
  • » Application Single Sign-On
  • » Advanced Logon Settings template for SharePoint
  • » Set session expires to 0 to disable the cache
  • » Allow dnsName\samAccountName to be able to log in
  • » Cached password did not expire
  • » Failed to disable 2FA on a node while DAS is down
  • » Changing server settings (host, port, ssl, proxy etc) would cause previously selected application to be lost
  • » Outlook client-less login causes 500 error

DualShield Server 5.8, Released on August 18, 2014


New Features

  • » Windows Desktop to Web Single Sign-On
  • » Out-of-Band Authentication - Mobile Push
  • » Challenge/Response Authentication
  • » LDAP Broker
  • » Self-Service Password Reset
  • » Self-Service Console customisation
  • » Single Logon Page in SSO
  • » UPN Suffix
  • » Grace Period for ActiveSync DeviceID Activation
  • » AD Password expiration notice
  • » Include Machine Certificate in DevicePass Registration

Improvements

  • » Browser & JAVA detection for DevicePass
  • » Logon Name with UPN
  • » Add Dial prefix to SMS/Telephone gateways
  • » Add City and State info in Certificate Signing Request
  • » Prevent user to delete system policies
  • » Allow user to recreate accidentally deleted system product policy
  • » Improve token auto provisioning in RADIUS
  • » Outlook anywhere auto close the success page
  • » DevicePass now supports iPad
  • » Add user-agent, device os info to ActiveSyncDeviceID token
  • » Support wildcard certificate in DualShield installation

Bug Fixes

  • » Random session time out in SSO
  • » If login name contains comma, LDAP query fails with exception
  • » DevicePass failed with the latest Java installed
  • » DevicePass failed in IE
  • » Using "Computer Fingerprint" on a non java installed machine, the message box shows "DevicPass Web Client was not detected".
  • » Certificate Applet failed with Java Security set to High
  • » FlashPass failed with Java Security set to High
  • » ADFS doesn't support
  • » ADFS needs InResponseTo to appear in Response as attribute
  • » Salesforce can't log in using principal name
  • » Safari 5.1 (2002 for Windows) doesn't get the devicepass applet
  • » DevicePass installer does not pop up on a non-Java machine when using a non-IE browser
  • » In logon policy, if 2FA is not required at all, user will still be asked to register DevicePass etc.
  • » "An unexpected error has occurred" when using Safari browser
  • » After logging out, no "login again" link shown
  • » Batch Deploy token failed
  • » DPS wrongly detects IE 9 browser as IE 6.
  • » When sending OTP through "telephone" channel, it fails.

DualShield Windows Logon 5.8, Released on August 18, 2014


New Features

  • » Local Account mapping
  • » Out-of-Band Authentication
  • » Challenge/Response Authentication
  • » Question/Answer Authentication

Improvements

  • » Offline Logon
  • » Logon with local account

Bug Fixes

  • » Windows logon client crashed when user is asked to change AD password
  • » RDP failed on Windows 2003
  • » Password change did not work properly
  • » DevicePass gets "Unspecified Error"

DualShield Mac Logon 5.8, Released on August 18, 2014


New Features

  • » Out-of-Band Authentication
  • » Challenge/Response Authentication
  • » Question/Answer Authentication

Improvements

  • » Offline Logon
  • » Logon with local account

Bug Fixes

DualShield IIS Agent 5.8, Released on August 18, 2014


New Features

  • » Bypass 2FA option

Improvements

  • » Outlook Anywhere
  • » IP Filter

Bug Fixes

DualShield Server 5.7.2, Released on 02/06/2014


New Features

  • » Failthru as an authenticator and failthru policy

Improvements

  • » Access Policy: support "X-Forwarded-For" proxy chain
  • » SAML: added "InResponseTo" option in the SAML response
  • » When creating a domain, allow token repository and image repository to be blank to use default values
  • » Autocomplete="off" is set for password field

Bug Fixes

  • » Failthru as OTP does not work when auth is set to "StaticPass+OTP" and "OTP+StaticPass"
  • » Audit 'Login Name' field does not list incorrect username when download token on mobileID
  • » Report failed with "No such property: long_col1 for class: com.deepnet.das.report.ReportData"
  • » Message with empty password is sent out when "Require static password" is checked on T-Pass token
  • » DMC web page freezes when creating the Logon procedure by using Application Wizard
  • » Upgrade from 5.6 to 5.7 with Microsoft SQL Server failed
  • » Identity Source page appears blank after one of the LDAP AD's password is updated.
  • » Upgrade from 5.6.1.0909 to 5.7.1.1105 failed on Oracle database
  • » Lockout policy doesn't count on E_RESPONSE_INCORRECT
  • » DMC does not list the imported certificate authority information
  • » After user's token assignment expired, the user will be able to login without using 2-factor authentication
  • » SSO login using principal name look up domain failure
  • » Salesforce SAML failed due to user name incorrectly filled when using principal name
  • » Ldap user password expired or must change password error code is not returned, always got "credential incorrect".
  • » Multiple AD password authentication attempts in one logon attempt
  • » X-Forwarded-For is not handled correctly in SSO

DualShield Server 5.7, Released on 10/30/2013


New Features

  • » DualFence - MFA for BYOD
  • » Supports Syslog
  • » Supports Google Authenticator
  • » Apache Tomcat Integration
  • » Scripting in RADIUS attribute and SAML SP attribute

Improvements

  • » Dial Prefix
  • » Application Wizard
  • » TeleSign SMS & Voice Gateway
  • » Active Directory Browsing Pagination
  • » F5 BigIP support via SAML
  • » New SAML signing option: sign on assertion or/and response
  • » New T-Pass policy: Available Channels
  • » New Session Variable: session.usedAuthenticators
  • » RADIUS attributes can be bound to RADIUS clients
  • » General performance

Bug Fixes

  • » Users were able to request a certificate when the certificate request policy was set as 'Deny'
  • » Exporting certificate to PKCS12 file did not ask for a new password

Windows Logon 5.6.1.1015, Updated on 10/15/2013


Bug Fixes

  • » When typing username into appropriate field, the product automatically tabs down to the password field


DualShield Server 5.6, Updated on 09/26/2013


Bug Fixes

  • » When a biometric token is not ready, trying to use it to logon caused the user account to be locked up.
  • » Resetting a TypeSense token did not work if the user had downloaded the token to client machine

Improvements

  • » Added a new event: TYPESENSE_TRAINING_FINISHED
  • » Added a new policy option for Time-Based OTP Token: Enable Automatic Synchronisation

Windows Logon 5.6, Updated on 09/23/2013


Bug Fixes

  • » While attached to the local network by changing the domain to the local machine name then putting in their domain UPN in the username, it was possible to bypass two-factor authentication.
  • » In some cases, the input focus was automatically moved to the password field while the user is entering their username
  • » TypeSense policy was not synchronised with offline logon

Improvements

  • » Improved message description of "E-TYPESENSE-TRAININGFAIL: 6: ks_data_parser return with error 1397752"

RADIUS Server 5.6, Updated on 09/17/2013


Bug Fixes

  • » No RADIUS Access-Response on Aruba 3600 controller

Improvements

  • » Allow unknown vendor-specific attribute to be empty
  • » General performance

DualShield 5.6 SP6


New Features

  • » Multi-selection of authenticators in RADIUS C/R

Improvements

  • » Improve TOTP token out-sync handling
  • » Improve TOTP auditing
  • » Added new debug log options
  • » System time drift detector
  • » System low performance warning
  • » System caches is reloaded automatically in clustering environment
  • » Added X-Frame-Options to avoid clickjacking
  • » Added F5 RADIUS attributes
  • » RADIUS server performance

Bug Fixes

  • » Upgrade from 5.3 to 5.6 got exception: "collection was not processed by flush()"

DualShield 5.6 SP5


New Features

  • » 2X: Supports 2X native integration (2X Application Server v10.6)
  • » RADIUS: New RADIUS client option: "Strip the realm from username at authentication"
  • » RADIUS: Supports Password Change in RADIUS Challenge/Response
  • » IIS Agent: IP Filter supports X-Forwarded-For

Improvements

  • » Emergency Code can now be deleted
  • » Windows Logon: Sometimes when starting the computer, only local computer shows up in the Domain list.
  • » Outlook Anywhere: DualShield Outlook Anywhere client now supports Microsoft Outlook Client 2013

Bug Fixes

  • » Windows Logon: on Windows 7, when a PC is locked, switching user and entering a wrong password will cause infinite loop.

DualShield 5.6 SP4


New Features

  • » Added "Token PIN" as an Authenticator for RADIUS-based applications.
  • » Supports Token PIN Change in RADIUS Challenge/Response

Improvements

  • » The length of token's PIN can be variable.

DualShield 5.6 SP3


New Features

  • » Added support for OpenLDAP

Improvements

  • » DAS now checks access control policy when checking radius proxy policy
  • » DAS now checks system RADIUS proxy policy when user is not found.
  • » DAS now checks IP access control policy when checking radius proxy policy
  • » Added "concat=5" to clickatell request to avoid error "Max message parts exceeded"
  • » Made Identity Attribute 'type' editable
  • » Windows Logon Agent installer: change the agent registration dialog, use server address and port. Avoid the http/https mistake
  • » IIS Agent: Cross application pool authentication cache. Solved download offline address book issue.

Bug Fixes

  • » The second date/time slot in an access control policy is not working
  • » After user changed their info in DSS, user's info in DMC becomes uncertain.
  • » DMC can't generate token PIN with letters
  • » "User Must change Default PIN at Next Logon" does not work on MobileID & T-pass
  • » Radius Command does not trigger T-pass token auto provisioning
  • » Radius Proxy does not support long length password
  • » Certificate Activation Code length and character requirements do not work
  • » FlashPass Device Filter 'Allowed' & 'Denied' policy do not work properly
  • » No logs in audit when a cached password is used to login
  • » GridGo "Change Default Path" does not work
  • » Resetting event-based SafeID token caused error
  • » Some search filters for User don't work (Last Change Password, DN, etc)
  • » 'Send AC to user when created or assigned' does not work on Certificate Policy
  • » RADIUS attribute of the type Octets does not accept alphabetic letters
  • » Batch assign token will skip some tokens if the import file contains more than one kind of products.
  • » DMC: In Unit info dialog, the name field is showing the parent's name
  • » DMC: Does not support the XML format for importing user
  • » DMC: List duplicate delivery channels by click 'Update' button on Token Activation Code Window
  • » DMC: 'Save' action does not work after editing the Format and Priority on SMTP Message Template
  • » DMC: Option 'Remove assigned tokens' does not work on "Delete Tokens by Product" Task
  • » DMC: When complete a Certificate Request, got "Error: Parameter error: ['id' expected]"
  • » DMC: Complete Certificate Request pops up an error "Parameter error id expected"
  • » DMC: Some unsupported wildcards are listed in sms template
  • » DMC: 'Token is not found' when manually request activation code on Certificate.
  • » SSO: Got NullPointerException when no result item is in the server response
  • » SSO: Q&A logon steps returns an error message
  • » RADIUS Server: Password encoding algorithm is incorrect when password is longer than 16 bytes
  • » Windows Logon: On Windows 8 and Windows Server 2012, the logon client's background was sometime displayed incorrectly.

DualShield 5.6


New Features

  • » Support IBM Domino Directory Server
  • » Support IBM Tivoli Directory Server
  • » Support IBM Tivoli Access Manager WebSEAL
  • » Support 2X Application Server
  • » Support password authentication for LDAP users via MSCHAP2
  • » New policy option: Random Default PIN
  • » Windows Logon: Support AD domain suffixes
  • » Windows Logon: Support Single Sign-on (Windows 2008+)

Improvements

  • » Windows Logon Agent installer: Auto Registration supported
  • » RADIUS Server installer: Auto Registration supported
  • » Reclaim user licenses from orphaned users.
  • » License key transfer
  • » Upgraded to Twitter API 1.1
  • » Nested user group made visible in the Management Console
  • » RadiusAttribute and RadiusProfile become public objects
  • » Windows Phone 8 is recognized by provisioning server
  • » DMC/DSS Logout event is logged

Bug Fixes

  • » Creating certificate on Linux was extremely slow.
  • » Sending the next OTP (T-Pass policy) did not work if MSCHAP2 was used in RADIUS and the authenticator was StaticPass+ODP
  • » Audit export failed on Linux although it reported success.
  • » Cryptokey firmware upgrade did not work
  • » CryptoKey firmware options lost after restarting DualShield service
  • » Sending activation code caused exception "Error: Cannot get property 'options' on null object"
  • » When pin was due to be changed, the GridGo credential was not checked when resetting pin
  • » SafeID activation code was not sent when required by policy
  • » DMC did not check a token’s email address in the Push Token function
  • » Windows Logon: Access Control policy

DualShield 5.5 SP2


New Features

  • » Offline tokens for Windows & Mac logon can be downloaded automatically.

Improvements

  • » HTTP Proxy (of Message Gateways) did not work
  • » MS-CHAP2-Success attribute in RADIUS response was not implemented correctly
  • » Resetting Path for GridID generated error
  • » Login to safe mode did not work in previous releases of 5.5

Bug Fixes

  • » Email gateway checkboxes did not work

DualShield 5.5 SP1


New Features

  • » Resetting GridGo Path in SSO

Improvements

  • » New report template: "Users with Q&A Enabled"
  • » New policy option "Generate Random Path for New Token" in GridGo Policy
  • » New policy option "User Must Change Default Path at Next Logon" in GridGo Policy
  • » New policy option "User Must Change Default PIN at Next Logon" in GridGo Policy
  • » New policy option "Display Keypad" in GridGo Policy
  • » Remove "Status" when assigning token to a user in DMC
  • » New wildcards [[PIN]] and [[PATH]] in sending activation code template in DMC
  • » New "User Must Reset Path at Next Logon" option in reset path window of DMC
  • » Improve navigation by clicking grid cells of GridGo in SSO
  • » Separated PIN input field when logging on with GridGo in SSO
  • » Shows a navigator when keypad is not displayed in SSO

Bug Fixes

  • » Email gateway checkboxes did not work

DualShield 5.5


New Features

  • »  ICE Logon Procedure
  • »  SSO Federation
  • »  Multiple Communication Gateways
  • »  AD Password Cache for Web & Windows Logon
  • »  FaceSense for Web & Windows Logon
  • »  VoiceSense for Web Logon
  • »  DevicePass for Windows Logon
  • »  Q & A for VPN Logon

Improvements

  • »  TFA for Outlook Anywhere vastly improved with both "Client-less" and "Client mode" options
  • »  AD Identity source authentication now supports User Principal Name (UPN) and Down-Level Logon Name (loginname@domainname and domainname\loginname)
  • »  New policy option "Maximum Number of Uses" in T-Pass

Bug Fixes

  • »  "Deploy Tokens" in Domain/Unit/Group caused exception
  • »  T-Pass did not use the channel policy option to send next OTP.
  • »  Setting domains of a role would clear all permits
  • »  Domains with identical NETBIOS name caused Cross-Realm Domain Access error
  • »  The TypeSense training 'reset' icon was missing from the Windows logon client x64 version
  • »  TFA bypassed if the UPN is used and the Enter key is pressed swiftly after username and password were entered
  • »  TFA bypassed if the login name was changed before the previous query returned.
  • »  If IPv6 enabled, Windows Logon configuration was not reloaded after the Save button is clicked.

DualShield 5.4 (SP3)


Bug Fixes

  • » The Audit Purge task causes exception

DualShield 5.4 (SP2)


Bug Fixes

  • » Registering GridID token in Self-service console causes exception
  • » Backend & Frontend installation options did not work properly

New Features

  • » "Deploy Tokens" will trigger the Client Provisioning policy option

DualShield 5.4 (SP1)


New Features

  • » Q&A is supported in RADIUS

DualShield 5.4


Bug Fixes

  • » MSCHAP2 did not work in RC2
  • » TPASS via CHAP/MSCHAP2 did not work in all previous versions
  • » Typesense only logon procedure password changing did not work properly.
  • » Q&A policy option maxsize and throttle was not checked
  • » Changing RADIUS attribute columns width caused exception in accounting/Radius report
  • » When failed to change password (via SSO), the audit showed succeeded.

DualShield 5.4 RC2


Bug Fixes

  • » Windows Logon was not functional in RC1
  • » SMTP TLS authentication did not work

DualShield 5.4 RC1


New Features

  • » Computer device authentication: DevicePass
  • » USB flash drive authentication: FlashPass
  • » Certificate authentication
  • » Certificate management
  • » RADIUS EAP/PEAP protocol
  • » RADIUS accounting
  • » Outlook Anywhere integration
  • » Exchange ActiveSync integration
  • » MobileID for Windows Phone

Improvements

  • » Approximate Matching in Q & A
  • » MobileID installer supports installation for current user only without admin privileges
  • » When the SMTP server doesn't require authentication, the system still works even if the "require authentication" option is enabled in the SMTP server configuration
  • » New "bytes" function added to support RADIUS attribute mapping from string to bytes (octets)
  • » New "ReportResult" object added in role permits
  • » Dictionary for Infoblox added into the RADIUS server

Bug Fixes

  • » RADIUS logon: When the logon policy was set to "multi-factor is not required for all users", a user could log in with an arbitrary password
  • » Windows Logon: Token provisioning did not work properly
  • » VMWare Logon: S_MFA_NOT_REQUIRED was incorrectly treated as failure
  • » RADIUS server: If the value of an attribute was greater than 2^31, it was treated as a negative signed integer.
  • » If "Valid for N minutes" was set to 0 in T-PASS policy, the code became invalid immediately.
  • » When a user had no token, Q&A defined in the logon procedure was not listed
  • » Role permit "Audit:view" did not work properly.
  • » Using radius command ">email user" caused exception if the SMTP server cannot relay the message
  • » Enhanced group membership checking to avoid looping membership
  • » Batch assign token had an error in its statistics
  • » Connecting a Radius proxy to Radius server caused exception "java.lang.ClassCastException"
  • » Opening role list tab caused "Cannot invoke method join() on null object"

DualShield 5.3


New Features

  • » Reporting
  • » Application self-test
  • » Default token PIN applied dynamically at runtime if it is required by the policy
  • » New wildcard [PIN] in the Send OTP template
  • » Reset LDAP user password via Management Console
  • » RADIUS accounting port (1813) is supported

Improvements

  • » The performance of AD connection is greatly improved
  • » The performance of the SSO server is greatly improved
  • » Login name is now case insensitive when authenticating via RADIUS/MSCHAP2
  • » During Safe Mode, the management console is only accessible from local machine
  • » When a user changed their static password, their TypeSense is automatically reset
  • » Speed up authenticator listing at Windows logon

Bug Fixes

  • » Pushing a token immediately generates an activation code, causing it to be always out of sync
  • » Token auto-sync did not work
  • » OTP in the "Register Token" did not work
  • » Assigning token from self-service would cause "access denied - token:assign" error
  • » Unable to unassign a token if the associated user is deleted in Active Directory
  • » MobileID got the error message 'Compulsory attributes missing' and failed to install on Java phones
  • » Expiration of Emergency Code did not work properly
  • » Searching LDAP users in an OU did not work when the identity source's BaseDN differed in letter case from the LDAP server
  • » MobileID token download page for iPhone/Android did not select the given domain by default
  • » Windows logon did not reliably detect AD password expiration

DualShield 5.2


New Features

  • » New Mac Logon Agent
  • » New Access Control policy by IP addresses
  • » New option for installing MobileID token onto iPhone and Android
  • » Windows agent auto-discovery by DNS look-up
  • » Windows client diagnosis tool
  • » New task for changing token’s PIN

Improvements

  • » RADIUS server now supports multi-character sets
  • » Windows agent auto-discovery speeded up by local cache
  • » RADIUS server logs the incoming request if its IP doesn't match any RADIUS client

Bug Fixes

  • » RADIUS & VMWare View challenge response bug: sending OTP caused NULL pointer exception
  • » Special characters in LDAP’s Access DN were not correctly escaped
  • » Searching users with some filters caused exception
  • » Windows offline token synchronisation
  • » Windows agent uninstaller did not remove the local token database file

Known Issues

  • » The option "Bypass two-factor authentication if the DualShield Server is not contactable" in the Windows Logon Agent does not function properly.

DualShield 5.2 RC2


New Features

  • »  Application Wizard

Improvements

  • »  Audit Export
  • »  IIS 7 Agent now supports 64-bit & 32-bit mixed mode

Bug Fixes

  • »  MobileID push and download URL were incorrect
  • »  A pending or expired token assignment was incorrectly counted as an active assignment

DualShield 5.2 RC1


New Features

  • »  Improved installer offering frontend & backend servers installation
  • »  Provisioning Server can be installed as a standalone server
  • »  Support multiple message templates
  • »  New offline policy for Windows logon
  • »  New IP Filter for the Windows logon agent
  • »  New IP Filter in the general logon policy
  • »  New VMWare View Agent
  • »  Import users from a CSV file
  • »  Import tasks from a script file
  • »  Support encrypted token seed file
  • »  Support agent auto registration
  • »  Safe Mode

Improvements

  • »  RADIUS authentication method now changed to logon procedure, offering C&R and real-time delivery of T-Pass one-time password in a multi-step logon procedure.
  • »  Support Token Auto-Provisioning in RADIUS logon
  • »  Policy options of Challenge Code moved to product
  • »  Support multiple tokens of different types in a single seed file
  • »  Provisioning Server detects Blackberry mobile phones
  • »  New features, e.g. pushing a token, added to the self-service console

Bug Fixes

  • »  The Access User for LDAP had to reside in the Base DN
  • »  Server OTP in MobileID two-way authentication was incorrect
  • »  GPRS modem did not work
  • »  Authenticator list in Windows Logon went beyond domains in the realm
  • »  PIN history could not be disabled
  • »  Activation Code was not disabled after the token was downloaded
  • »  Challenge Code was not purged after expiration

DualShield 5.1


Bug Fixes

  • » Logging in to the management console with an LDAP user may cause a Hibernate exception
  • » The default policy and token attributes for a manually created authentication product are incomplete.
  • » "Challenge Sent" in audit trail logged with wrong type "FAILURE"
  • » The characters (\r\n) are not escaped in audit export file

Improvements

  • » Introduce two new domain attributes: "DNS Name" and "NetBios Name" in order to support multiple domains in a realm that’s assigned to a Windows Logon application.
  • » Record VPN client IP address in audit trail.

DualShield 5.1 RC2


Bug Fixes

  • » Access Control for Unit is effective but time period did not work properly
  • » After upgrading from old versions, an old policy created by previous versions may not contain newly introduced policy options
  • » When logging in to the management console with an LDAP user, the group/unit query result may not be correct.

DualShield 5.1 RC1


New Features

  • » Access Control policy
  • » RADIUS authentication method: "Static Password >> Challenge/Response"
  • » Set and reset PIN in RADIUS logon by new commands: >setpin and >resetpin
  • » Set and reset PIN in SSO logon
  • » Export and purge audit trail
  • » Support encrypted RSA SecurID seed data
  • » Support VASCO DigiPass tokens
  • » Support Oracle database
  • » Support PostgreSQL

Improvements

  • » MobileID client and token provisioning
  • » PIN policy moved to product policy
  • » "Require Static Password" option moved from logon procedure to T-Pass policy
  • » Other minor improvements

Bug Fixes

  • » SSL/HTTPS installation
  • » Requesting OTP via RADIUS commands, e.g. >sms did not work
  • » RADIUS attributes/profile attached to groups and units did not work
  • » Sending Emergency Code by SMS results in "Communicator error"
  • » RADIUS authentication "Static Password >> OTP" did not work with T-Pass
  • » RADIUS authentication "Static Password >> OTP" did not work with GridID
  • » Failthru authentication needs a dummy OTP token
  • » Other minor bugs

Known Issues

  • » Challenge & Response does not work on MobileID/iPhone
  • » Challenge & Response with PIN does not work on all MobileID clients
  • » Failthru as OTP does not work with "Static Password + OTP" and "OTP + Static Password"