PortalGuard Version 3.x
2014-03-27 - v3.5.3.3
- More flexible SQL authentication:
- Hash encoding: base64 (default), hex UPPER, hex lower
- Prepend (default) or append salt
- Use chars instead of bits
- Salt encoding
2014-03-07 - v3.5.3.2
- New options for self-service utilization of mandatory answers.
2014-03-05 - v3.5.3.2
- Now showing remembered sessions in Acct Mgmt if KBA is used
2014-03-04 - v3.5.3.2
- Allowing batch import to set mandatory answers alone (which will clear optional challenge answers if they are not submitted)
2014-02-24 - v3.5.3.1
- Changed default type-ahead filter for global HD for OpenLDAP (via "Oracle/Sun" LDAP type) to NOT use the "(!objectclass=computer)" clause.
2014-02-18 - v3.5.3.1
- Add configurable PG_SIP "wait" param in milliseconds ("-w XXXX" on command line)
- Support for pre-hashing OpenLDAP password changes (SunONE type only)
2014-02-16 - v3.5.3.0
- Scheduled email expiration reminders for SQL-based PG profiles
2014-02-13 - v3.5.3.0
- Configurable YubiKey OTP validation server URL
2014-02-10 - v3.5.3.0
- Support for validating multiple phone formats in _PG_Countries.xml (NOTE: ALL formats are currently returned as a single XML value)
- Scheduled email expiration reminders for file-based PG profiles only
2014-02-05 - v3.5.3.0
- Changes to CPSLog class so TTTEnrollment.exe will NOT use CPSGlobalConfig but will still use CPSFileAccessor.
- Fixes to allow SSPR with Mandatory only vs. Optional only settings
2014-01-28 - v3.5.3.0
- "Remember browser" for KBA
- Require multiple challenge answers for KBA
2014-01-17 - v3.5.3.0
- Fix for allowing email changes from Acct Mgmt page (regression from v3.5.2.8)
2014-01-14 - v3.5.3.0
- for email confirmation
2014-01-14 - v3.5.3.0
- Support for sending account lockout notifications to user & extra accounts
2014-01-09 - v3.5.3.0
- Support for sending SSPM notifications to extra accounts
2014-01-09 - v3.5.2.11
- Support for 2FA via TMG's "RADIUS OTP" auth method that only performs a single RADIUS request. We're ensuring the pw field that comes over contains the pw & OTP delimited by "||||||" currently.
2014-01-03 - v3.5.2.10
- Fix to prevent resending OTPs that are expired (or about to). New OTPs are now generated when less than half an existing OTP's life exists.
2013-12-09 - v3.5.2.9
- Normalizing user and domain values for actions performed under Native Windows Authentication (UPNs are resolved to AD domain and sAMAccountName!)
2013-12-04 - v3.5.2.8
- Preventing email enrollment during login if already enrolled
2013-11-12 - v3.5.2.7
- Added ability to unlock accounts in Oracle Internet Directory
- Supporting groups for Oracle LDAP [filter was already correct: (&(uniqueMember=%s)(objectclass=groupOfUniqueNames))]
2013-10-31 - v3.5.2.6
- Preventing phone enrollment during login if already enrolled
- New option for completely preventing phone enrollment during login (done from Acct Mgmt)
2013-10-28 - v3.5.2.5
- Updated CPSLDAPAttribs to handle base64 encoded binary results and GUIDs as string
2013-10-23 - v3.5.2.4
- Account Management now displays linked accounts
- Better data returned in Admin Dashboard user lookup:
2013-10-19 - v3.5.2.3
- Checking OTP in AgentLogin if provided (prevents redundant OTP entry after SS enrollment)
- Support for SASL/Kerberos login for AD-based LDAP (satisfies LDAP signing security requirement if enabled in DC GPO)
2013-10-16 - v3.5.2.2
- Fix for native windows login using UPN
2013-09-23 - v3.5.2.1
- Now doing case-insensitive username checking during regional HelpDesk authorization
2013-09-19 - v3.5.2.1
- SQL repository support for SHA256, SHA384 and SHA512
2013-09-19 - v3.5.2.0
- Google Authenticator support
2013-09-17 - v3.5.1.9
- New repository option to perform account unlock against PDC (Native_UnlockOnPDC=1)
2013-09-16 - v3.5.1.8
- Made RBA/SQL event logging no longer dependent on file paths! (customer separated the log and policy folders to different parent dirs so it was throwing an error)
2013-09-16 - v3.5.1.7
- Support for SQL Native Client driver (XML columns weren't properly accessed previously)
2013-09-11 - v3.5.1.7
- Fix in CPSDate::set(tstring) for "date only" values. Now passwords expire on the proper day (instead of the day after) and grace periods are correctly enforced
2013-09-06 - v3.5.1.6
- Added optional proxy configuration (server, exceptions, user, password) to HTTP client class
2013-08-29 - v3.5.1.5
- Added 2FA option to PassiveKey enrollment
2013-08-26 - v3.5.1.5
- Leading/trailing and contiguous spaces were being removed automatically, preventing validation through checkAllCreds (would've been a problem in RADIUS login too).
2013-08-20 - v3.5.1.4
- New option in PG HelpDesk pw reset to expire the new password (checked by default)
2013-08-13 - v3.5.1.3
- Allowing change of challenge answers even when ERB is to be built (requesting and validating password)
2013-08-12 - v3.5.1.2
- Allowing user override of default OTP type for VPN
- Added custom text/prompt when PK is default VPN OTP
2013-08-07 - v3.5.1.1
- Support for PassiveKey TOTPs via VPN
2013-08-02 - v3.5.0.7
- Checking for duplicate emails on email registration/change
2013-07-30 - v3.5.1.0
- Support for Desktop 2FA auth types
2013-07-29 - v3.5.0.6
- Support for hex encoding in {RANDSTR()} function: HEX_UPPER and HEX_LOWER
2013-07-25 - v3.5.0.5
- Option for updating email address in LDAP when changed through PG
- New "AgentGeneral" subclasses
2013-07-24 - v3.5.0.4
- Adding self-registration for SQL repositories
2013-07-19 - v3.5.0.3
- Returning original self registration POST data for SelfReg email confirmation for any custom .NET uses
2013-07-05 - v3.5.0.2
- Adding self-registration
- Fix for ensuring "email enrollment" template is used for periodic email confirmation
2013-07-01 - v3.5.0.1
- Now setting PGAnonSess, PGSession cookies as "secure" if request was made over SSL
- Adding support for detecting when SSL proxies are in front of PG server with non-standard MS header, "Front-End-Https: on"
2013-06-27 - v3.5.0.0
- OTP dialog error for SSPM w/ 2FA when printed OTP was default (did not occur for phone or email)
2013-06-25 - v3.5.0.0
- Adding event record elements for SSPM redesign, Account Management actions & 2FA enrollment and use
- No longer ignoring/dropping HTTP cookie creation/deletion if we have a same-named cookie - newer one wins.
2013-06-19 - v3.5.0.0
- Allowing account linking (pw sync) to secondary SQL repositories
2013-06-13 - v3.5.0.0
- Allowing account linking (pw sync) to secondary SQL repositories
- Multiple primary repository support
- Tweaked HD user type-ahead to work regardless of repository type
|