FortiAuthenticator 6.5.3 to najnowsza wersja oprogramowania z rodziny 6.5 dedykowanego dla FortiAuthenticator, zaawansowanego narzędzia do zarządzania uwierzytelnianiem w sieciach. Nowa wersja to łatka poprawiająca błędy w działaniu rozwiązania. W nowej wersji 6.5.3 naprawiono błąd „500 Internal Server Error” podczas importowania grup LDAP zdalnych jako grupy SSO, poprawiono obsługę serwera RADIUS, usprawniono przetwarzanie zdarzeń Windows w FortiAuthenticator, osiągając 100% przetworzonych zdarzeń i unikając opóźnień.

Rozwiązane problemy:

W FortiAuthenticator 6.5.3 rozwiązano wiele istotnych problemów, co przyczynia się do poprawy stabilności i wydajności oprogramowania. Oto kilka z rozwiązanych problemów:

1. Poprawiono błąd umożliwiający logowanie przez SSO IAM do FortiGate FortiCloud.
2. Naprawiono błąd „500 Internal Server Error” podczas importowania grup LDAP zdalnych jako grupy SSO.
3. Zaktualizowano obsługę RADIUS Access-Accept w celu prawidłowego zwracania nazwy użytkownika UPN.
4. Rozwiązano problem z niepewnym resetowaniem hasła administratora Azure.
5. Usunięto okazjonalny błąd „500 Internal Server Error” po zalogowaniu administratora.
6. Zapobieżono możliwości eksportu klucza Root CA i certyfikatu po zmodyfikowaniu GUI.
7. Naprawiono problem z przypisywaniem identycznych nazw claim różnym stroną polegającym na SSO.
8. Poprawiono wygląd Monitora, przyciski „Collapse” działają poprawnie.
9. Umożliwiono czytelniejsze zdefiniowanie typu zakresu.
10. Odpowiedź API uwierzytelniania zawiera teraz pole wiadomości.
11. Usprawniono przetwarzanie zdarzeń Windows w FortiAuthenticator, osiągając 100% przetworzonych zdarzeń i unikając opóźnień.
12. Rozwiązano błąd GUI podczas tworzenia nowej strony polegającej na OAuth.
13. Odpowiedź OAuth teraz zawiera zakresy, nawet jeśli nie są one skonfigurowane dla danej strony polegającej.

Rozwiązanie tych problemów w FortiAuthenticator 6.5.3 przyczynia się do poprawy działania oprogramowania i zapewnia bardziej stabilne i niezawodne środowisko zarządzania uwierzytelnianiem.

Bug ID	Description
922632	FortiGate FortiCloud SSO IAM login.
915248	500 internal server error when importing remote LDAP groups as SSO groups.
919817	RADIUS Access-Accept does not return User-Name as UPN.
829365	Azure admin password reset is not working reliably.
927907	Occasional 500 error after an admin logs in.
915898	Root CA key and certificate can be exported after modifying the GUI.
931970	FortiAuthenticator 2000E power supply monitor should show PSUs as vertically aligned.
918513	Trusted endpoint SSO fails with FortiAuthenticator sending TCP RST to client.
930090	Collapse buttons in Monitor > SSO > Domains page does not work.
923977	Change the scope type to something more readable.
917607	Inability to assign identical claim names to different relying parties.
920749	Authentication API response is missing the message field.
914030	FortiAuthenticator does not reach 100% of the processed windows events and experiences delays.
928812	GUI error when creating a new OAuth relying party.
922839	OAuth response contains scopes even when they are not configured for the relying party.
919820	CA certificate Advanced Options: Key Usages section elements misformatted.
921791	The user registration on a captive portal is not working after successful token verification.
926151	Inline script cannot be executed in the User Registration Confirmation and User Registration Receipt pages.
876897	FortiAuthenticator memory usage showing in the widget does not match with memory usage from SNMP (facSysMemUsage).
908291	FortiAuthenticator does not properly revoke a user certificate.
926650	500 error when registering a portal device.
917321	500 error when creating a RADIUS policy with MAB and eduroam enabled.
921574	Having enabled HTTP-POST in the SP for SAML IAM login results in 403 error.
915152	Remote sync rule assigns a new mobile token again after the OTP is manually disabled for the user.
908142	Using Yubikey as OTP second factor increases drift/counter unexpectedly.
924305	An Uncaught TypeError: o.includes is not a function error in Authentication > User Management > Local Users.
927254	Revoke button for the root CA should be grayed out.
925486	JavaScript error when trying to log off an FSSO session.
925741	JS error o.includes is not a function shows up on several GUI pages.
926693	REST API – Internal server error while trying to modify existing RADIUS attributes using PUT call.
906339	RADIUS attributes cannot be added to local users via REST API ( Error: local variable 'vendor' referenced before assignment).
927110	Admin GUI message when using the trusted endpoint SSO feature.
926587	OAuth – Internal server error while trying to get an authentication code when no scopes are configured for the RP.
925860	REST API debug report not decrypting properly.
923596	Preserve the scopes when upgrade from 6.4.
861557	Remote user sync rules – Set group filter is not working if OU has special characters in name, e.g., ( , ) , +.
901379	HA cluster failover causes FortiAuthenticator to give up on logging.
923401	SAML FSSO returns error 403 when the FSSO session is removed.
921975	Same OAuth relying party scope created multiple times.
925303	Authorize or Deny page does not show up in the code base for OAuth relying party.
919706	FIDO login with remote admin users fail on the SAML IdP portal due to an attribute error.
917772	Trusted endpoint SSO produces 500 internal server error when an AzureAD workstation joins by using a custom domain name.
905593	Admin username is missing from the log details after an upgrade.
918507	Portals not saving the Restrict token self-provisioning to members of specific groups setting.
919755	500 error after successful SAML authentication with local admin user on a FIDO portal.
915713	Trusted SSO default port 8008 is in conflict with the FortiGate default open http port 8008 for FortiGuard.
921007	SAML token retry error on FIDO authentication when previous FIDO authentication has failed.
919326	Memory leak in the fn_hash_table if a collision occurs.
901776	SAML logout using POST will return CSRF token missing or incorrect (HTTP 403).
918778	Hide deprecated models from the tablesizes.html output.
899836	Passwords expires one day earlier than expected.

Znane problemy:

Bug ID	Description
920262	Some of the users logged in a MAC device are unable to get user sessions listed on FortiAuthenticator.
931960	radiusd appears to be stale with unfinished request in component authenticate module facauth that matches no Access-request ID.
929279	Self-service portal password change fails for remote LDAP users.
929943	Push authentication does not work on the FortiAuthenticator Windows agent when using FortiTrust Identity.
929004	Unable to add longer mobile phone numbers for certain country codes.
929090	FortiAuthenticator issues with User Principal Name (UPN) and tokens.
922921	Old and newly revoked certificates in FortiAuthenticator 6.5.2 GA shows active if the revocation reason is 'unspecified.’
932783	FAC2KE PSU Monitor widget does not accurately reflect the actual statuses of the PSUs on the device.
887081	SAML: Launching SP-initiated SAML session for a user with FIDO AUTH produces server errors,
924446	500 error for remote user on SAML portal with both FIDO and FortiToken Mobile/FortiToken Cloud tokens.
920970	Preview mapping does not work under remote user sync rule.
928034	Issue authenticating IPsecVPN IKEv2 EAP (MSCHAPv2) to FortiAuthenticator + remote RADIUS server.
924632	FortiAuthenticator not able to return more than 100 groups from Azure AD when using SSOMA.
869867	FortiAuthenticator SSO database is not updating on time when the domain users switch from wireless to wired or vice versa.
923405	Enrollment request made to the secondary unit not synchronized to the primary unit after it takes control again.
928643	radiusd cannot handle two parallel authentication sessions and removes partially authenticated user when the second attempt happens.
913981	Non-admin SAML FIDO authentication ends with error 500.
929462	Internal server error: /guests/social/register/.
900550	2FA codes via SMS is not working.
924321	Second factor setup against PEAP-MSCHAPv2 client fails with EAP authentication failed due to missing token.
894888	User lookup does not display token information with view-only admin profiles.
907286	FortiAuthenticator LDAP server does not support PW+OTP concatenation for FortiToken Cloud-issued FortiToken Mobile tokens.
904353	Daylight saving time (DST) time zone change for Egypt starting end of April.
876009	FortiAuthenticator ignores the groups filtering rules and sends all the SSO groups to FortiGate if the FortiGate is configured with FQDN.
878854	Remote LDAP usernames greater than 255 character fails to authenticate through SSL VPN.
900664	Certificate only smart connect in iOS does not work.
801933	FortiAuthenticator as an LDAP server: log shows LDAP_FAC in the Source IP field.
756414	Incorrect Italian translation of Next button displayed on the reset password page.
909342	The status of the hardware tokens is „Missing seed” if imported through the serial number file.
908091	When timezone = GMT, London, user audit report download fails with internal server error 500.
928334	Incorrect message on the landing page for No-Access-Admin login.
816070	DB issue if the power is down during a short window when booting from factory reset.
925924	Unable to get SSO session on FortiAuthenticator when using UPN to login

Producent jest świadomy tych problemów i pracuje nad ich rozwiązaniem. W międzyczasie zaleca się monitorowanie dokumentacji producenta w celu uzyskania najnowszych informacji o aktualizacjach i łatach naprawczych, które rozwiązują te problemy.

Notatki producenta: FortiAuthenticator 6.5.3

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

FortiAuthenticator fortiauthenticator 6.5.3