Producent oprogramowania Fortinet udostępnił najnowszy update dla FortiAuthenticator 6.4.8. W tym wydaniu znajdziemy dużo poprawek związanych z poprawnością działania np. we współpracy z klastrem HA. Naprawiono również problem, który powodował awarię RADIUS podczas logowania administratora. Więcej informacji na temat wprowadzonych zmian można znaleźć w artykule poniżej.
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 901379 | HA cluster failover causes FortiAuthenticator to give up on logging. |
| 829365 | Azure administrator password reset not working reliably. |
| 940209 | Expired OAuth tokens are never purged. |
| 943410 | SAML IdP loses RelayState after a failed IAM login attempt. |
| 938777 | The DC agent debug logging responsible for excessive disk I/O when polling 25 event log sources. |
| 942902 | RADIUS crashes for administrator login after upgrading to 6.4.1. |
| 923385 | FortiAuthenticator leaves the token in the assigned state with no user when syncing a new token assignment from LDAP. |
| 942103 | SMS Gateway with HTTP GET method sends HTTP parameters in an incorrect order. |
| 914030 | FortiAuthenticator does not reach 100% of the processed windows events and experiences delay. |
| 922514 | Secondary HA interface not responding to SNMP queries. |
| 929675 | Undetected reference error after logging in to the SAML IdP portal. |
| 908142 | Using Yubikey as the OTP second factor will increase drift/counter unexpectedly. |
| 920749 | Authentication API response missing the message field. |
| 922632 | FortiGate FortiCloud SSO IAM login. |
| 903356 | HA: Rebooting the cluster passive node breaks the application of new settings if the role remains unchanged. |
| 903163 | HA: CLI pre-auth warning is not applied when the setting is toggled on. Toggling off works. It also works after changing the warning message. |
| 921574 | 403 error with SAML IAM login where the SP has HTTP-POST enabled. |
| 931970 | FortiAuthenticator 2000E power supply monitor should show PSUs as vertically aligned. |
| 854050 | It takes a long time for FortiAuthenticator to reflect active certificates in the GUI after successful SCEP enrollment request. |
| 915152 | Remote sync rule assigns a new Mobile Token again after the OTP is manually disabled for the user. |
| 904790 | Registering and then cancelling on a captive portal results in error 404. |
| 898045 | Internal Server Error for the /api/v1/systeminfo/ endpoint when provisioning a new instance. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 939073 | Subject NameID under Assertion Attribute Configuration is not defaulting to the username. |
| 842886 | Upgrading FortiAuthenticator in HA-LB removes the MAC-address records form the LB node. |
| 943251 | By clicking on the Go button on the Login page, the user gets the Your Account ID or Password is incorrect error message. |
| 853068 | On the session expired token page, entering the wrong token does not redirect to the Login page. |
| 922038 | AWS FortiAuthenticator SMTP connection being terminated after connection timeout. |
| 919941 | VPN tunnel cannot be up after failover to a secondary FortiAuthenticator. |
| 884299 | The HA load balancer node is not synchronizing. |
| 936220 | Registering an already existing username triggers 500 error. |
Notatki producenta: FortiAuthenticator 6.4.8
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
