DualShield 5.6 SP5
New Features
- 2X: Supports 2X native integration (2X Application Server v10.6)
- RADIUS: New RADIUS client option: “Strip the realm from username at authentication”
- RADIUS: Supports Password Change in RADIUS Challenge/Response
- IIS Agent: IP Filter supports X-Forwarded-For
Improvements
- Emergency Code can now be deleted
- Windows Logon: Sometimes when starting the computer, only local computer shows up in the Domain list.
- Outlook Anywhere: DualShield Outlook Anywhere client now supports Microsoft Outlook Client 2013
Bug Fixes
- Windows Logon: on Windows 7, when a PC is locked, switching user and entering a wrong password will cause infinite loop.
DualShield 5.6 SP4
New Features
- Added “Token PIN” as an Authenticator for RADIUS-based applications.
- Supports Token PIN Change in RADIUS Challenge/Response
Improvements
- The length of token’s PIN can be varaible.
DualShield 5.6 SP3
New Features
- Added support for OpenLDAP
Improvements
- DAS now checks access control policy when checking radius proxy policy
- DAS now checks system RADIUS proxy policy when user is not found.
- DAS now checks IP access control policy when checking radius proxy policy
- Added “concat=5” to clickatell request to avoid error “Max message parts exceeded”
- Made Identity Attribute ‘type’ editable
- Windows Logon Agent installer: change the agent registration dialog, use server address and port. Avoid the http/https mistake
- IIS Agent: Cross application pool authentication cache. Solved download offline address book issue.
Bug Fixes
- The second date/time slot in an access control policy is not working
- After user changed their info in DSS, user’s info in DMC becomes uncertain.
- DMC can’t generate token PIN with letters
- “User Must change Default PIN at Next Logon” does not work on MobileID & T-pass
- Radius Command does not trigger T-pass token auto provisioning
- Radius Proxy does not support long length password
- Certificate Activation Code length and character requirements does not work
- FlashPass Device Filter ‘Allowed’ & ‘Denied’ policy do not work properly
- No logs in audit when a cached password is used to login
- GridGo “Change Default Path” does not work
- Resetting event-based SafeID token caused error
- Some search filters for User don’t work (Last Change Password, DN, etc)
- ‘Send AC to user when created or assigned’ does not work on Certificate Policy
- RADIUS attribute of the type Octets does not accept alphabetic letters
- Batch assign token will skip some tokens if the import file contains more than one kind of products.
- DMC: In Unit info dialog, the name field is showing the parent’s name
- DMC: Does not support the XML format for importing user
- DMC: List duplicate delivery channels by click ‘Update’ button on Token Activation Code Window
- DMC: ‘Save’ action does not work after editing the Format and Priority on SMTP Message Template
- DMC: Option ‘Remove assigned tokens’ does not work on “Delete Tokens by Product” Task
- DMC: When complete a Certificate Request, got “Error: Parameter error: [‘id’ expected]”
- DMC: Complete Certificate Request pops up an error “Parameter error id expected”
- DMC: Some unsupported wildcards are listed in sms template
- DMC: ‘Token is not found’ when manually request activation code on Certificate.
- SSO: Got NullPointerException when no result item is in the server response
- SSO: Q&A logon steps returns an error message
- RADIUS Server: Password encoding algorithm is incorrect when password is longer than 16 bytes
- Windows Logon: On Windows 8 and Windows Server 2012, the logon client’s background was sometime displayed incorrectly.
DualShield 5.6
New Features
- Support IBM Domino Directory Server
- Support IBM Tivoli Directory Server
- Support IBM Tivoli Access Manager WebSEAL
- Support 2X Application Server
- Support password authentication for LDAP users via MSCHAP2
- New policy option: Random Default PIN
- Windows Logon: Support AD domain suffixes
- Windows Logon: Support Single Sign-on (Windows 2008+)
Improvements
- Windows Logon Agent installer: Auto Registration supported
- RADIUS Server installer: Auto Registration supported
- Reclaim user licenses from orphaned users.
- License key transfer
- Upgraded to Twitter API 1.1
- Nested user group made visible in the Management Console
- RadiusAttribute and RadiusProfile become public objects
- Windows Phone 8 is recognized by provisioning server
- DMC/DSS Logout event is logged
Bug Fixes
- Creating certificate on Linux was extremely slow.
- Sending the next OTP (T-Pass policy) did not work if MSCHAP2 was used in RADIUS and the authenticator was StaticPass+ODP
- Audit export failed on Linux although it reported success.
- Cryptokey firmware upgrade did not work
- CryptoKey firmware options lost after restarted DualShield service
- Sending activation code caused exception “Error: Cannot get property ‘options’ on null object”
- When pin was due to be changed, the GridGo credential was not checked when resetting pin
- SafeID activation code was not sent when required by policy
- DMC did not check a token’s email address in the Push Token function
- Windows Logon: Access Control policy
DualShield 5.5 SP2
New Features
- Offline tokens for Windows & Mac logon can be downloaded automatically.
Improvements
- HTTP Proxy (of Message Gateways) did not work
- MS-CHAP2-Success attribute in RADIUS response was not implemented correctly
- Resetting Path for GridID generated error
- Login to safe mode did not work in previous releases of 5.5
Bug Fixes
- Email gateway checkboxes did not work
DualShield 5.5 SP1
New Features
- Resetting GridGo Path in SSO
Improvements
- New report template: “Users with Q&A Enabled”
- New policy option “Generate Random Path for New Token” in GridGo Policy
- New policy option “User Must Change Default Path at Next Logon” in GridGo Policy
- New policy option “User Must Change Default PIN at Next Logon” in GridGo Policy
- New policy option “Display Keypad” in GridGo Policy
- Remove “Status” when assigning token to an user in DMC
- New wildcards [[PIN]] and [[PATH]] in sending activation code template in DMC
- New “User Must Reset Path at Next Logon” option in reset path window of DMC
- Improve navigation by clicking grid cells of GridGo in SSO
- Seperated PIN input field when logging on with GridGo in SSO
- Shows a navigator when keypad is not displayed in SSO
Bug Fixes
- Email gateway checkboxes did not work
DualShield 5.5
New Features
- ICE Logon Procedure
- SSO Federation
- Multiple Communication Gateways
- AD Password Cache for Web & Windows Logon
- FaceSense for Web & Windows Logon
- VoiceSense for Web Logon
- DevicePass for Window Logon
- Q & A for VPN Logon
Improvements
- TFA for Outlook Anywhere vastly improved with both “Client-less” and “Client mode” options
- AD Identity source authentication now supports User Principle Name (UPN) and Down-Level Logon Name (loginname@domainname and domainname\loginname)
- New policy option “Maximum Number of Uses” in T-Pass
Bug Fixes
- “Deploy Tokens” in Domain/Unit/Group caused exception
- T-Pass did not use the channel policy option to send next OTP.
- Setting domains of a role would clear all permits
- Domains with identical NETBIOS name caused Cross-Realm Domain Access error
- The TypeSense training ‘reset’ icon was missing from the Window logon client x64 version
- TFA bypassed if the UPN is used and the Enter key is pressed swiftly after username and password were entered
- TFA bypassed if the login name was changed before the previous query returned.
- If IPv6 enabled, Windows Logon configuration was not reloaded after the Save button is clicked.
DualShield 5.4 (SP3)
Bug Fixes
- The Audit Purge task causes exception
DualShield 5.4 (SP2)
Bug Fixes
- Registering GridID token in Self-service console causes exception
- Backend & Frontend installation options did not work properly
New Features
- “Deploy Tokens” will trigger the Client Provisioning policy option
DualShield 5.4 (SP1)
New Features
- Q&A is supported in RADIUS
DualShield 5.4
Bug Fixes
- MSCHAP2 did not work in RC2
- TPASS via CHAP/MSCHAP2 did not work in all previous versions
- Typesense only logon procedure password changing did not work properly.
- Q&A policy option maxsize and throttle was not checked
- Changing RADIUS attribute columns width caused exception in accounting/Radius report
- When failed to change password (via SSO), the audit showed succeeded.
DualShield 5.4 RC2
Bug Fixes
- Windows Logon was not functional in RC1
- SMTP TLS authentication did not work
DualShield 5.4 RC1
New Features
- Computer device authentication: DevicePass
- USB flash drive authentication: FlashPass
- Certificate authentication
- Certificate management
- RADIUS EAP/PEAP protocol
- RADIUS accounting
- Outlook Anywhere integration
- Exchange ActiveSync integration
- MobileID for Windows Phone
Improvements
- Approximate Matching in Q & A
- MobileID installer supports installation for current user only without admin privileges
- When the SMTP server doesn’t require authentication, the system still works even the “require authentication” option is enabled in the SMTP server configuration
- New “bytes” function added to support RADIUS attribute mapping from string to bytes (octets)
- New “ReportResult” object added in role permits
- Dictionary for Infoblox added into the RADIUS server
Bug Fixes
- RADIUS logon: When the logon policy was set to “multi-factor is not required for all users”, user could login with arbitrary password
- Windows Logon: Token provisioning did not work properly
- VMWare Logon: S_MFA_NOT_REQUIRED was incorrectly treated as failure
- RADIUS server: If the value of an attribute was great than 2^31, it was treated as minus signed integer.
- If “Valid for N minutes” was set to 0 in T-PASS policy, the code became invalid immediately.
- When a user had no token, Q&A defined in the logon procedure was not listed
- Role permit “Audit:view” did not work properly.
- Using radius command “>email user” caused exception if the SMTP server cannot relay the message
- Enhanced group membership checking to avoid looping membership
- Batch assign token had an error in its statistics
- Connecting a Radius proxy to Radius server caused exception “java.lang.ClassCastException”
- Opening role list tab caused “Cannot invoke method join() on null object”
DualShield 5.3
New Features
- Reporting
- Application self-test
- Default token PIN applied dynamically at runtime if it is required by the policy
- New wildcard [PIN] in the Send OTP template
- Reset LDAP user password via Management Console
- RADIUS accounting port (1813) is supported
Improvements
- The performance of AD connection is greatly improved
- The performance of the SSO server is greatly improved
- Login name is now case insensitive when authenticating via RADIUS/MSCHAP2
- During Safe Mode, the management console is only accessible from local machine
- When a user changed their static password, their TypeSense is automatically reset Li>Speed up authenticator listing at windows logon
Bug Fixes
- Pushing a token immediately generates an activation code, causing it to be always out of sync
- Token auto-sync did not work
- OTP in the “Register Token” did not work
- Assigning token from self-service would cause “access denied – token:assign” error
- Unable to unassign a token if the associated user is deleted in Active Directory
- MobileID got an error message ‘Compulsory attributes missing’ and it fails to install on java phone
- Expiration of Emergency Code did not work properly
- Searching LDAP users in OU did not work when the identity source’s BaseDN is in different uppercase or lowercase to the LDAP server
- MobileID token download page for iphone/android did not select the given domain by default
- Windows logon did not reliably detect AD password expiration
DualShield 5.2
New Features
- New Mac Logon Agent
- New Access Control policy by IP addresses
- New option for installing MobileID token onto iPhone and Android
- Windows agent auto-discovery by DNS look-up
- Windows client diagnosis tool
- New task for changing token’s PIN
Improvements
- RADIUS server now supports multi-character sets
- Windows agent auto-discovery speeded up by local cache
- RADIUS servers logs the incoming request if its IP doesn’t match any radius client
Bug Fixes
- RADIUS & VMWare View challenge response bug: sending OTP caused NULL pointer exception
- Special characters in LADP’s Access DN were not correctly escaped
- Searching users with some filters caused exception
- Windows offline token synchronisation
- Widows agent uninstaller did not remove the local token database file
Known Issues
- The option “Bypass two-factor authentication if the DualShield Server is not contactable” in the Windows Logon Agent does not function properly.
DualShield 5.2 RC2
New Features
- Application Wizard
Improvements
- Audit Export
- IIS 7 Agent now supports 64bits & 32bits mixed mode
Bug Fixes
- MobileID push and download URL were incorrect
- A pending or expired token assignment was incorrectly counted as an active assignment
DualShield 5.2 RC1
New Features
- Improved installer offering frontend & backend servers installation
- Provisioning Server can be installed as a standalone server
- Support multiple message templates
- New offline policy for Windows logon
- New IP Filter for the Windows logon agent
- New IP Filter in the general logon policy
- New VMWare View Agent
- Import users from a CSV file
- Import tasks from a script file
- Support encrypted token seed file
- Support agent auto registration
- Safe Mode
Improvements
- RADIUS authentication method now changed to logon procedure, offering C&R and real-time delivery of T-Pass one-time password in a multi-step logon procedure.
- Support Token Auto-Provisioning in RADIUS logon
- Policy options of Challenge Code moved to product
- Support multiple tokens of different types in a single seed file
- Provisioning Server detects Blackberry mobile phones
- New feature, e.g. pushing token added to the self-service console
Bug Fixes
- The Access User for LDAP had to reside in the Base DN
- Server OTP in MobileID two-way authentication was incorrect
- GPRS modem did not work
- Authenticator list in Windows Logon went beyond domains in the realm
- PIN history could not be disabled
- Activation Code was not disabled after the token was downloaded
- Challenge Code was not purged after expiration
DualShield 5.1
Bug Fixes
- Login to the management console with an LDAP user may cause Hibernate Exception
- The default policy and token attributes for a manually created authentication product is incomplete.
- “Challenge Sent” in audit trail logged with wrong type “FAILURE”
- The characters (\r\n) are not escaped in audit export file
Improvements
- Introduce two new domain attributes: “DNS Name” and “NetBios Name” in order to support multiple domains in a realm that’s assigned to a Windows Logon application.
- Record VPN client IP address in audit trail.
DualShield 5.1 RC2
Bug Fixes
- Access Control for Unit is effective but time period did not work properly
- After upgrading from old versions, an old policy created by previous versions may not contain newly introduced policy options
- When login to management console with an LDAP user, the group/unit query result may not be correct.
DualShield 5.1 RC1
New Features
- Access Control policy
- RADIUS authentication method: “Static Password >> Challlenge/Response”
- Set and reset PIN in RADIUS logon by new commands: >setpin and >resetpin
- Set and reset PIN in SSO logon
- Export and purge audit trail
- Support encrypted RSA SecureID seed data
- Support VASCO DigiPass tokens
- Support Oracle database
- Support PostgreSQL
Improvements
- MobileID client and token provisioning
- PIN policy moved to product policy
- “Require Static Password” option moved from logon procedure to T-Pass policy
- Other minor improvements
Bug Fixes
- SSL/HTTPS installation
- Requesting OTP via RADIUS commands, e.g. >sms did not work
- RADIUS attributes/profile attached to groups and units did not work
- Sending Emergency Code by SMS results in “Communicator error”
- RADIUS authentication “Static Password >> OTP” did not work with T-Pass
- RADIUS authentication “Static Password >> OTP” did not work with GridID
- Failthru authentication needs a dummy OTP token
- Other minor bugs
Known Issues
- Challenge & Response does not work on MobileID/iPhone
- Challenge & Response with PIN does not work on all MobileID clients
- Failthru as OTP does not work with “Static Password + OTP” and “OTP + Static Password”