FortiAuthenticator has been updated to version 5.4.0. The new software release brings several improvements, including better support for FortiToken. It also introduces the option for users to change their password at first login to the Authenticator. You can read about several similar changes in the release notes. We encourage you to update your software.
Resolved issues:
Bug ID Description
496055 SMS token not sent when requested from FortiGate via RADIUS with specific gateway settings.
494702 Incorrect Content-Type in POST method when SMS token is requested from.
492354 When STARTTLS is used to send out emails, it fails without sending any traffic.
477632 Secondary LDAP server is not used for RSSO group resolution.
504812 RADIUS client’s list is not refreshing once a member is deleted.
492539 Linux Kernel TCP sequence number generation security weakness.
495751 Remote LDAP password renewal fails via RADIUS.
500679 FortiAuthenticator does not reliably respect configured FortiGate IP filter.
499949 Increase tablesize limit for "Remote LDAP Users Sync Rules".
397359 LDAP connect fail log doesn’t display on GUI.
452878 Incorrect number of revoked certificates in CRLs.
492438 RADIUS authentications failure with Android phones with MSCHAPV2.
451990 Warning if FortiClient SSOMA secret key is larger than 15 characters.
501546 Unable to clone RADIUS client, GUI error.
486544 FortiAuthenticator fails to connect to AD after cluster failover.
489030 Disabling user account lockout policy will not disable maximum token code retry limit.
488794 FortiAuthenticator failed to connect to LDAP server.
493698 Windows Agent 2.0.2 bypasses two-factor authentication if FQDN name is entered for the user.
289457 FortiAuthenticator Windows Agent not pre-filling RDP domain in some circumstances.
476697 Incorrect password, email, and telephone number when importing local users from FortiGate config file.
489540 Attempt to clone a RADIUS client results in GUI error dump.
451555 User is deactivated if they don’t receive an SMS for self-service or guest portal.
463904 GUI error while re-enabling a user.
444060 Changes to RADIUS Client IP address are not reflected until the "Save" button in the profile section is selected.
476097 Can’t grant administrator privileges to remote users with spaces in their user name.
496813 FortiAuthenticator fails to upgrade from 4.3 (b0216) to 5.3 (b0284).
488079 Guest portal change profile can still be accessed when profile is set to view only.
436030 SAML IdP signature verification error on logout.
482284 Upgrade Apache.
491570 Support dual two-factor authentication for imported local users.
495395 SSL labs rating degraded due to support for weak DH key exchange parameters.
500932 Accept pound (#) and apostrophe (’) in usernames.
506306 FortiAuthenticator crashes when attempting to import MAC devices.
503506 TTLS authentication failure.
489005 Load-balancing doesn’t work until FortiAuthenticator KVM is rebooted.
505914 Signing in as a different user link is broken for SAML with wrong response input.
499997 Manually created devices not included in authorized device groups for guest portal device tracking.
504795 Temporary email tokens not sent to the self-service portal user when token is reported as lost.
504010 Crash when a regular APAC remote token user logs in to the Guest Portal.
500576 When a FortiAuthenticator is acting as a RADIUS client, it fails to send a blank response to the challenge request to initiate a push auth.
480885 SAML authentication for remote RADIUS users causes webserver to crash.
488149 PCI – Do not allow AD users with expired passwords to change them without token entry.
486923 Unknown publisher warning when uninstalling FortiAuthenticator Agent.
499812 Token verification fails in guest portal.
483902 Remote LDAP post login edit profile issue.
498624 Unable to initiate push notifications via RADIUS requests.
482208 Integer type no longer supported for "event" field of /ssoauth/ endpoint.
493340 Load-balanced HA groups with password policy not synchronized.
488042 Remote LDAP users can’t access SAML login portal after promoted to administrator.
481878 Trying to login to guest portal with a user who doesn’t have RADIUS authentication enabled produces unhelpful error message.
493325 Password reset emails are being sent to users who do not have passwords assigned to them (e.g. FortiToken only authentication).
483921 Enable Smart Connect without profile.
485559 Should not allow FortiToken self-revocation actions to proceed if password is invalid (in PCI mode).
492767 Should not show warning message when HTTP access is not enabled while configuring SCEP.
486190 Missing administrator profile permissions.
495440 Uploading license file produces system error.
504194 FortiAuthenticator models 2000E and 3000E report missing power supply units after being upgraded to 5.3.1.
487387 Custom fields are not shown in validation request email or GUI.
497106 FSSO (RADIUS accounting source) with multiple ADs failing.
Known issues:
Bug ID Description
478985 FortiAuthenticator Windows Agent sometimes doesn’t see the domain name and user is not able to login.
504080 Possible NTLM thread leak.
503366 Monitor SSO domains show one DC as red on HA master and green on backup.
501832 Support RADIUS secrets of up to 64 characters.
482913 Information from authorityKeyIdentifier is not used to check the correct CRL for revocation status of user certificate.
503150 FortiAuthenticator syslog SSO matching rule – UnicodeEncodeError on sample data.
507246 FortiAuthenticator GUI login fails in Chrome and Firefox when two-factor authentication is used and site accessed is via FortiGate SSL VPN web portal.
438383 CRL HTTP retrieval is not working and documented properly.
461429 Unexpected guest portal user registration behavior with SMS.
492709 Downloading create_req.bat from self-service portal leads to error message.
463529 FortiAuthenticator SAML IdP support for Desktop/Thick O365 clients.
464556 Time-based user expiry configured in usage profile isn’t applied to users when they already have an expiry date configured.
503212 Device getting disconnections to DC and user authentication issues.
506294 FortiAuthenticator appears to truncate SSO groups found in long SAML attribute assertions leading to logon failures.
502007 The RADIUS accounting and CoA did not take effect on the FortiAuthenticator side.
Best regards,
The B&B Team
Bezpieczeństwo w biznesie