FortiAuthenticator został zaktualizowany do wersji 5.4.1. W ostatniej wersji oprogramowania 5.4.0 znalazło się kilka usprawnień dla FortiTokena. Poza tym wprowadzono możliwość zmiany hasła dla użytkowników przy pierwszym logowaniu do produktu FortiAuthenticator. W wersji 5.4.1 producent nie wprowadza nowych rozwiązań, rozwiązano natomiast problemy wykryte w poprzedniej wersji produktu. Zachęcamy do aktualizacji swojego oprogramownia!
Rozwiązane problemy:
Bug ID Description
508489 AD Server Monitoring for FSSO.
509458 Syslog SSO isn’t working.
509447 Transfer token gets an error code 2 on FortiAuthenticator 5.4.0.
507719 Guest portal HTML errors for both SmartConnect and MAC address Bypass when Remote Users
are used.
508762 Slony slave does not automatically recover from incorrect number of subscribed sets.
508767 Push notifications break HA setup processes on both master and slave.
509018 [500k+ users] HA – Both Slony and LB timeouts are not long enough for very large tables.
509907 LB slave will not reconnect to cluster master when there is no or minimal traffic from cluster slave.
508765 RADIUS: Excessive client collection logs occur when many RADIUS clients are configured.
507172 Change password fails in FortiGate SSL-VPN case if LDAP user has two-factor authentication
enabled.
510530 SAML IdP fixes – Return to SP when no sp_data, cookie parsing fixes, avoid self-redirection.
Znane problemy do rozwiązania:
Bug ID Description
454052 Push notifications aren’t being sent out to guest users.
483582 Single Sign-On Mobility Agent fails if remote LDAP server is configured with Hostname instead of
IP address.
488794 FortiAuthenticator fails to connect to LDAP server.
409763 SAML SP : SLS logout URL does not work, and returns an error page instead.
410566 SAML SP: Group list doesn’t include selected implicit group when LDAP lookup option is selected.
509340 IP address changes on existing SSO sessions take too long to be re-verified.
460960 Support for remote RADIUS challenges in guest portals.
453822 Guest Portal: If HOTP token is out of sync, the guest portal login fails.
485621 After resetting a password when logging in via guest portal, the success page links the user to the
self-service portal instead of the guest portal.
488991 Sponsor selection dropdown doesn’t get added to the guest portal self-registration replacement
messages after upgrading to 5.3.0.
488992 After upgrading the firmware, restoring the default replacement messages for a modified guest
portal self-registration page doesn’t add the Sponsor field.
491725 Microsoft Edge removes the referer field, causing a CSRF error.
485559 With PCI mode enabled, FortiToken self-revocation actions should not be allow to proceed if
password is invalid.
467587 FQDN / CN comparison for admin GUI SSL certificate is case-sensitive.
468827 When a basic user is promoted to Admin role, their account’s expiration date should be removed.
454016 Cannot unassign FortiTokens that are assigned to guest users.
481203 On the Edit RADIUS Client page, clicking the OK button too quickly after clicking Save can result
in changes not being saved or an error.
462772 Demoting a remote admin account who has an FortiToken assigned to a user account causes a
system error.
476697 When importing local users from a FortiGate configuration file, email addresses and telephone
numbers are not imported.
488149 PCI – Do not allow AD users with expired passwords to change them without token entry.
451990 Warning if FortiClient SSOMA secret key is larger than 15 characters.
476087 Can’t grant administrator privileges to remote user with a space in their user name.
486544 FortiAuthenticator fails to connect to AD after cluster failover.
489005 Load-balancing doesn’t work until after a reboot on FortiAuthenticator KVM.
511093 Radiusd on LB slave FortiAuthenticator in HA setup keeps crashing if large custom radius
dictionary is uploaded to the master.
399417 FortiAuthenticator 4.0 – Failover to seconday LDAP server does not occur immediately, and then
is not effective.
482913 Information from authorityKeyIdentifier is not used to check the correct CRL for revocation status
of user cert.
436030 SAML IdP: Signature verification error on logout.
486198 Token self-provisioning doesn’t work for remote users who belong to a group that uses an LDAP
filter.
464556 Time-based user expiry configured in usage profile isn’t applied to users when they already have
an expiry date configured.
470667 FortiAuthenticator Windows Agent ignores certificate revocation.
449443 FortiAuthenticator Windows Agent does not display the user credentials when access the server
through RDP.
486923 Unknown Publisher warning when uninstalling FortiAuthenticator Windows Agent.
Zachęcamy do przeczytania notatek: Notatki do wydania
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie