Recent Changes - Search:


Portal Guard Version5-Fix List

PortalGuard Version 5.x

2016-05-24 - v5.4.0.2

  1. Support for Forms-based SSO enrollment to request additional input fields from user during enrollment (besides username & password)
  2. Forms-based SSO pre-fetch type (popup or IFRAME) is now configurable per website

2016-05-08 - v5.4.0.1

  1. Returning any relaystate from originating SP during SP-initiated SLO

2016-05-06 - v5.4.0.1

  1. Support for IdP-initiated SAML SLO via HTTP Redirect binding (via web browser redirection)
  2. Fix for using the proper subject, "from" and body settings for emailed OTPs. It had been using the SMS values.

2016-05-05 - v5.4.0.0

  1. Support for SP-initiated SAML SLO via HTTP Redirect binding (via web browser redirection)

2016-05-04 - v5.4.0.0

  1. Changed MessageMedia to always use "+{COUNTRY-CODE}{NUMBER}"

2016-04-22 - v5.3.3.3

  1. Optional anti-CSRF support during login activities (enabled in bootstrap, still disabled by default)

2016-04-13 - v5.3.3.3

  1. Manually setting WinHTTP TLS types to support TLS 1.2 using the WINHTTP_OPTION_SECURE_PROTOCOLS option. Required when PG IIS site is configured to use something like TLS 1.1 and 1.2 only. The PG IIS server simply resets the connection when it sees ciphers it doesn't support.

2016-04-04 - v5.3.3.2

  1. Fix for multiple CAS identifiers in the same config when dupe ID support is enabled

2016-03-24 - v5.3.3.2

  1. Allowing "OTP Only" logins to use a password initially to enroll a phone (otherwise, they must import a 2FA method!)
  2. Fix for showing correct display name of "primary" user repository in password sync results (had been assuming the default repository)

2016-03-14 - v5.3.3.1 (forward port from v5.3.2.6)

  1. Fix for breaking change in Regroup's SMS API. They changed the name of the XML element containing the destination phone number which prevented SMS messages from being accepted/delivered.

2016-03-09 - v5.3.3.1

  1. Support for 2nd SQL password salt value/column

2016-02-29 - v5.3.3.1

  1. For SSO Toolbar vault (encryption)

2016-02-22 - v5.3.3.0

  1. Support for Chrome SSO Toolbar
  2. New Forms-SSO type for "Fixed Credentials" - does NOT require the PGUP cookie! (update in IdP_Config.exe as well)

2016-02-18 - v5.3.2.5

  1. Fix for username prefixes or suffixes not being removed in HelpDesk app. User type-ahead works, but modifying a user returns "Unknown user" error.

2016-02-17 - v5.3.2.4

  1. Fix crash on *successful* AD password changes when Native Windows feature is disabled.

2016-02-16 - v5.3.2.4

  1. Fix for Mobile App and RSA OTP types being recognized for SSPR usage

2016-02-15 - v5.3.2.3

  1. Reporting fix for more complex queries - allowing start/end date to be configured in report XML

2016-02-14 - v5.3.2.2

  1. New API for getting user groups/roles and OUs

2016-02-12 - v5.3.2.1

  1. For Forms-Based SSO, ensuring "Accept: */*" is always being sent as a request header when adding a site/testing creds

2016-01-09 - v5.3.2.1

  1. Now performing case-INsensitive searches for username in new password when AD PW Complexity checking is enabled.

2016-01-08 - v5.3.2.0

  1. Support for duplicate CAS identifiers
  2. Support for hiding relying party conifgurations in UI (SAML, Ws-Fed and CAS only)

2015-12-23 - v5.3.2.0

  1. Responsive UI to support usage from phones and tablets (uses the Bootstrap framework)
  2. Support for external authentication as additional OTP type (e.g. pattern-based auth)

2015-12-22 - v5.3.1.3

  1. Support for read-only WordPress PHpass password hashing, password update NOT supported!

2015-12-15 - v5.3.1.0

  1. Re-versioned just to keep pace/tie-in with PG_IdP project

2015-12-03 - v5.3.0.6

  1. Kiosk support for "Remember Browser" KBA & 2FA feature

2015-12-02 - v5.3.0.6

  1. SQL repository support for .NET Identity 2.0 framework (replaces .NET Membership providers). Uses PBKDF2.

2015-11-17 - v5.3.0.5

  1. Getting MS-specific error codes even when using generic LDAP

2015-10-23 - v5.3.0.3

  1. Always clearing self-registration CAPTCHA cookie upon successful self registration. Otherwise, repeated self-regs always resulted in bad captcha on subsequent attempt
  2. Forgot username functionality

2015-10-16 - v5.3.0.2

  1. Full challenge answer normalization (remove all non-alpha numeric chars, then convert to lowercase, then hash/save)

2015-10-15 - v5.3.0.2

  1. 'No Access' mode for Website logins
  2. Adding PID to log file names is now configurable in PG_Config/IdP_Config

2015-10-13 - v5.3.0.1

  1. Clickatell SMS support

2015-10-08 - v5.3.0.0

  1. Adding PID to PG and IdP log file names to support multiple PG websites (w3wp.exe) on same server
  2. Specifying ACL on mutexes to allow RADIUS service and IIS websites to access them on Win2012. Website was getting ACCESS DENIED when run as standard App Pool identity.

2015-10-02 - v5.3.0.0

  1. Optional SQL isolation for each PG repository

2015-09-14 - v5.2.2.0

  1. Support for RADIUS ACLs

2015-08-31 - v5.2.1.1

  1. Support for caching mobile app OTPs to prevent timeouts during SSPR

2015-08-18 - v5.2.1.0

  1. Support for SQL roles for security policy resolution and IdP authorization

2015-08-18 - v5.2.0.1

  1. Added support for SQL CHAR type

2015-08-14 - v5.2.0.0

  1. Updated version to bring in line with PG_IdP.dll

2015-07-27 - v5.1.0.2

  1. Only initializing Kerberos for w3wp.exe processes. Had been throwing an error in the PG RADIUS service.

2015-07-23 - v5.1.0.2

  1. New RADIUS configuration option to use a static security policy
  2. Voice OTP support for Regroup

2015-07-16 - v5.1.0.1

  1. New option to allow challenge answers containing a single, repeated character (disables our default check)

2015-07-16 - v5.1.0.1

  1. Changed mandatory answer batch import default behavior to no longer delete optional challenge answers when none are supplied. POST "ClearOptAnswers=1" to revert to old default behavior.

2015-07-01 - v5.1.0.0

  1. Built-in Kerberos ticket decryption (new API entry point). Needs PG.NET.dll v1.2.9.0 as well!

2015-06-25 - v5.0.1.3

  1. Fix for utilizing SQL password hash encoding when salting is NOT enabled. Prior to this fix, the setting was only read in when salting was enabled.

2015-05-09 - v5.0.1.2

  1. Support for sending pw expiration email reminders to users with passwords that have expired for any number of days

2015-05-08 - v5.0.1.1

  1. Fix for users attempting to use SSPR before they have enrolled - caused bogus Phone enrollment dialog to appear that resulted in 1104 error

2015-04-30 - v5.0.1.1

  1. Ensuring labels in Windows Event Logging are unique
  2. Added more info for Windows Event Logging for RADIUS actions (continue, error)

2015-04-29 - v5.0.1.1

  1. Support for SQL username look-ahead query to only contain a single '?' param for username.

2015-04-27 - v5.0.1.0

  1. Support for parameterized queries and stored procedures for updating SQL-based user repositories

2015-04-25 - v5.0.0.3

  1. Regroup SMS support

2015-04-24 - v5.0.0.2

  1. Twilio SMS support

2015-04-17 - v5.0.0.1

  1. New entry points for creating SQL report logging thread - called by RADIUS service

2015-04-07 - v5.0.0.0

  1. Saving OTP type in reporting data for 2FA/OTP only
  2. Sending email without MIME to prevent SMS from showing "Attachment(s) removed"
  3. Including authentication type in Windows Event Logging
  4. Added more SSPR authentication type details in reports

2015-04-02 - v5.0.0.0

  1. Fixed bug that caused "OTP only" login to always use phone SMS as the OTP type

2015-03-29 - v5.0.0.0

  1. Improved cookie-based SSO:
  2. Own decryption page/module
  3. Single-use cookies
  4. Variable encryption keys per policy

2015-03-18 - v5.0.0.0

  1. Updated Dashboard reports framework
Page last modified on July 20, 2016, at 02:28 PM