PortalGuard v6 Change Log

PortalGuard Version 6.x

2021-09-08 - v6.5.2.1 (PG_IdP.dll, PG.dll)

  1. SAML SSO memory leak fixes

2021-08-31 - v6.5.2.0 (PG.dll, PG_IdP.dll)

  1. Added support for Authy Push
  2. Added support for Twilio as a voice messaging system

2021-08-23 - v1.2.19.9 (PG.NET.dll)

  1. Workaround for BitDefender breaking change where it sets Content-Length to 0 for POST requests, which stopped users from logging into PortalGuard

2021-08-06 - v6.5.1.9 (PG.dll)

  1. Increased allowable email TLD (Top-Level Domain) length from 4 to 63 chars
  2. Support for new User Profile mapping field for SQL-based user repositories. The "cleaned" username as provided by the end-user was used previously. Includes changes in HelpDesk.

2021-07-21 - v6.5.1.8 (PG.dll)

  1. Fix for cases where Grouped 2FA enrollment is belatedly enabled for existing users and the SecPol default 2FA method is *not* satisfied by what the user has enrolled. In this case Grouped 2FA enrollment is satisfied, but the user didn't enroll the default, which leads to an enrollment prompt that fails with error 1104 because OTPEnrollType is blank. The fix updates the user's personal default OTP methods if grouped 2FA is satisfied.

2021-07-19 - v6.5.1.7 (PG_IdP.dll)

  1. Fix for Azure AD-based Attribute Stores with SQL-based configurations. Had been erroring out with "CPSAttrStore::initFromJSON(): Unsupported attribute store type 5"
  2. Now printing agent name in log for IdPAgentSSOCustomizations (instead of "<UNKNOWN>")
  3. Standardizing on the PGName attribute as the user identifier for SSO Jump Page customizations (had been a problem in calls to saveSSOBlob and deleteSSOBlob)
  4. Allowing OAuth ROPG clientID and secret to be submitted in POST request (had previously only honored Authorization header)
  5. Fix for use of OAuth Resource Owner Password Grant type where the submitted username was not being used in resolution of the repository. This had resulted in "user not found" in multiple directory deployments.

2021-07-07 - v6.5.1.6 (PG.dll & PG_IdP.dll)

  1. Handle MFA for users in Azure AD. Added error code 50076, which means valid creds, but MFA is required for the user.

2021-07-06 - v6.5.1.5 (PG_IdP.dll)

  1. Change in IdPAgentBase to set identity object "authenticated name" so SSO agents work with Kerberos SSO in IDaaS (ignoring the "placeholder" password)

2021-07-06 - v6.5.1.5 (PG.dll)

  1. Changes in AgentDoKerberos to support dynamic user lookup for new users in IDaaS

2021-06-28 - v1.2.0.1 (WEB-keyCOMInterop.dll)

  1. Fix for issue preventing new users from enrolling fingerprints through WEB-key client on PG Desktop

2021-06-28 - v6.5.1.5 (PG_IdP.dll)

  1. Fix for dynamic CAS user field lookup against SQL attribute stores. Now supports use of simplified SSO claims, e.g. [EMAIL]

2021-06-25 - v6.5.1.5 (PG.dll)

  1. Change to how IDaaS LAN2Cloud password sync requests are handled. Using SID instead of username. SID is the strongest possible match and is required if samaccountname is the same in multiple directories (they're using fallback). PGConnect has been modified to include SID in the JSON message and there are new SQL SPs for looking up -AND- updating passwords using SID

2021-06-23 - v6.5.1.5 (PG.dll)

  1. Fix to increment counter for HOTP tokens when used with PG Desktop 2FA

2021-06-16 - v6.5.1.5 (PG_IdP.dll)

  1. Fix for "Group Mapping" claim types in CAS and OAuth
  2. Support for custom SAML metadata. Required for supporting InCommon's "errorURL" SAML metadata attribute:

2021-05-28 - v6.5.1.5 (PG.dll)

  1. Prevent heap corruption when attempting to base64 decode an empty string
  2. Patch for Kerberos on Mac issue that was originally resolved in a customer-specific patch

2021-05-28 - v6.5.1.4 (PG.dll)

  1. Fix for bug where deleted User Repositories remained in the configuration map even after an update. Now clearing at start of update.

2021-05-17 - v6.5.1.3 (PG_IdP.dll)

  1. WSTrust - Support duplicate IDs for Azure AD domain joining
  2. WSTrust - ACL support for machines (Group & OU) for Azure AD domain joining

2021-05-12 - v6.5.1.3 (PG.dll)

  1. Using random user identifier for MobileAuth transactions instead of username
  2. Fix for Account Unlock via SSPR propagating to PGConnect (had been treating it as a PW reset)

2021-05-11 - v6.5.1.3 (PG_IdP.dll)

  1. Support for [GROUPS_CN] "simplified" SQL claim value (just the bare "CN" of the user's groups)

2021-05-05 - v6.5.1.3 (PG.dll)

  1. Fixed MobileAuth bug where device re-enrollment (which fails) caused an orphaned BKMobileDevice field that prevented further enrollment after user deleted a device.

2021-05-01 - v6.5.1.3 (PG.dll)

  1. Support for multiple domains in IDaaS

2021-05-01 - v6.5.1.3 (PG_IdP.dll)

  1. New "simplified" SQL claim values: [EMAIL_SUFFIX], [EMAIL_PREFIX]

2021-04-27 - v6.5.1.2 (PG.dll)

  1. Fix for MobileAuth enrollment on iOS to ensure duplicate devices aren't enrolled

2021-04-20 - v6.5.1.2 (PG.dll)

  1. Allowing self service actions to continue when a "placeholder" password is encountered (needed for batch imported IDaaS users)
  2. Returning "bare" BIO-key MobileAuth enrollment URL in element in addition to QR-encoded version. Allows a URL to be displayed when enrolling on a mobile device.

2021-04-15 - v6.5.1.2 (PG.dll)

  1. Allowing IdEngConfig::resolveHDByOU to continue for SQL-based repositories where DirSync is enabled
  2. Support for clearing BKMobile enrollments from cloud vendor in PG HelpDesk (done for "specific field" -AND- clearing ALL UP fields)

2021-04-09 - v6.5.1.1 (PG.dll)

  1. Support for displaying enrolled BK Mobile devices in Admin DB User Detail Lookup

2021-04-07 - v6.5.1.1 (PG.dll)

  1. Using PG server in BK Mobile messages instead of client IP address

2021-04-06 - v6.5.1.1 (PG.dll)

  1. Changed following default timeouts: AsyncOp purge: 20 min (had been 5 min), PalmID enrollment: 10 min (had been 1 min), PalmID auth: 2 min (had been 1 min)

2021-04-01 - v6.5.1.1 (PG.dll)

  1. Terminating back-end asynchronous polling when a max timeout is reached (measured from the AsyncOp creation timestamp in SQL)

2021-04-01 - v6.5.1.1 (PG_IdP.dll)

  1. Fixes to support Hybrid Azure AD domain joining and "direct" Azure AD domain joining

2021-03-25 - v6.5.1.0 (PG.dll)

  1. Fix for Google Auth used in HMAC mode.

2021-03-16 - v6.5.1.0 (PG.dll)

  1. Support for Duo asynchronous API
  2. Support for Biometric mobile app auth type (all 7 auth types, login enrollment prompting, Grouped 2FA enrollment, pw required/email notification on Acct Mgmt change)

2021-03-11 - v6.5.0.1 (PG.dll)

  1. Generic support for asynchronous operations
  2. Removed useless SQL trace messages

2021-03-03 - v6.5.0.1 (PG.dll)

  1. Fixed SMS and voice OTP delivery for MessageMedia (only changed target URL)

2021-02-28 - v6.5.0.1 (PG.dll)

  1. Consolidated SQL config functionality in SQLConfigAccessor object

2021-02-25 - v6.5.0.1 (PG.dll & PG_IdP.dll)

  1. Fixes to prevent crash when SQL configs are enabled but can't be pulled

2021-02-10 - v6.5.0.0 (PG.dll)

  1. Fix for timezone offset from browser to ensure start & end dates align with admin's local time zone
  2. Changes to prevent login enrollment prompting (MFA & SSPR enrollment, CQA, TOU) during FIDO2 passwordless auth
  3. Fixes to make PG Desktop reporting accurate when WEB-key is used
  4. PG IDaaS: Reverted to reading environment variables from the process's environment block (instead of the registry)
  5. FIDO2 "passwordless" support
  6. Support for clearing SSO Customization user data from the Help Desk console
  7. Ability to export Admin Dashboard report results to CSV

2021-01-27 - v6.5.0.0 (PG_IdP.dll)

  1. Support for Hybrid Azure AD domain joining
  2. Crash fix for escaping '&' chars in the SP entityID
  3. Support for SSO Jump Page customization

2021-01-03 - v6.4.5.1 (PG.dll)

  1. Fix in SQLConfigAccessor.h when logging event error when no configs are present

2020-12-23 - v6.4.5.1 (PG.dll)

  1. Change in hasUserEnrolledDuo() to allow for "token only" enrollments

2020-12-22 - v6.4.5.0 (PG.dll)

  1. Fixes for Azure AD as directory: Fixed bug related to WinHttp class. Needed to add a null terminating character to the HTML response buffer.
  2. Added case-insensitive attribute searching for JSON responses

2020-12-22 - v6.4.5.0 (PG_IdP.dll)

  1. Fixed Azure AD groups bug for CAS and OAuth. Previously unable to send AAD Groups as display name.

2020-12-16 - v6.4.4.0 (PG.dll)

  1. PG IDaaS: GroupSync 2.0 implementation for PGL2C service
  2. PG IDaaS: Tweak to Account Disabling implementation in PGL2C service to perform all operations in the same SQL connection

2020-12-11 - v6.4.3.0 (PG.dll)

  1. PG IDaaS: Support for Kerberos SSO

2020-12-09 - v6.4.2.1 (PG.dll)

  1. Fix in CPSHTTPClient::initResponse() reading in response body in chunks. The temp buffer wasn't NULL terminated so garbage characters could appear at the 4K boundaries.

2020-12-03 - v6.4.2.1 (PG_IdP.dll)

  1. Fix for CAS TARGET values getting doubled '&' chars which breaks the 2nd hop. Only happens when SAML Artifact support is enabled.

2020-12-02 - v6.4.2.1 (PG.dll)

  1. Fix for validating Yubikey OTPs through Duo. If the user had YubiKeys direct in PG, but NOT the one through Duo, OTP checking would stop once the YubiKey was seen as "unenrolled".

2020-11-30 - v6.4.2.1 (PG.dll)

  1. Returning 2FA methods even if there is a problem with SMS delivery. Ensures SMS delivery failures don't prevent any 2FA options from being shown

2020-11-24 - v6.4.2.0 (PG.dll, PG_IdP.dll)

  1. PG IDaaS: Support of disabled account sync
  2. PG IDaaS: Utilizing disabled account status for login

2020-11-17 - v6.4.1.0 (PG.dll, PG_IdP.dll)

  1. Support for Azure AD as a first class directory

2020-11-07 - v6.4.0.0 (PG.dll, PG_IdP.dll)

  1. Support for reading JSON-based configuration files
  2. Support for using SQL-based config files (via environment variables for SQL connectivity)

2020-10-20 - v6.3.4.0 (PG_IdP.dll)

  1. Support for multiple IdP signing certs

2020-10-05 - v6.3.3.0 (PG.dll)

  1. Added support for Duo TOTP token as 2nd factor

2020-09-27 - v6.3.2.5 (PG.dll, PG_IdP.dll)

  1. PG IDaaS: Support for custom text attributes from customer directory

2020-09-10 - v6.3.2.4 (PG.dll)

  1. Fix to copy email address changes from SQL user repository into the element of the User Profile
  2. Directory Fallback support for Desktop 2FA
  3. PG IDaaS: Support for PGConnect Heartbeat/ping

2020-08-23 - v6.3.2.3 (PG.dll)

  1. Fix to prevent Verbal Auth from causing auto-population of Email or Phone for target user

2020-09-09 - v6.3.2.1 (PG_IdP.dll)

  1. Returning ALL groups when using [GROUPS] for SQL formatted claims

2020-08-03 - v6.3.2.2 (PG.dll)

  1. PG IDaaS: Propagate HelpDesk PW reset down to local AD

2020-07-21 - v6.3.2.1 (PG.dll)

  1. Support for customizable session timeouts based on Group or OU membership
  2. Fix for terminated session checking bug. Exiting doPGLogout with an error if agent initialization fails.

2020-07-09 - v6.3.2.0 (PG.dll)

  1. Nebula: Account Activation DirSync fixes (prevent UserAttributes as "extra data" and suppress DirSync during SSPR if PGACT cookie is present)

2020-07-09 - v6.3.2.0 (PG_IdP.dll)

  1. Support for simplified static and user attribute SQL claims in IdP

2020-06-25 - v6.3.1.6 (PG.dll)

  1. Nebula SaaS: Allowing Account Activation to continue when user has PLACEHOLDER password

2020-06-23 - v6.3.1.6 (PG.dll)

  1. Nebula SaaS: Initial support for Group Synchronization

2020-06-19 - v6.3.1.5 (PG.dll)

  1. Fix for PG Desktop offline 2FA with mobile authenticator

2020-06-11 - v6.3.1.4 (PG.dll)

  1. Support for and verification of WEB-key transaction key during operation as smart proxy

2020-06-11 - v1.2.19.2 (PG.NET.dll)

  1. Added passing of WEB-key proxy transaction key to PG_NET.doWEBkeyProxy

2020-06-09 - v6.3.1.4 (PG.dll)

  1. Fixes for WEB-key as Desktop 2FA (passing through WEB-key error codes)

2020-05-31 - v1.2.19.1 (PG.NET.dll)

  1. New "WEBkeyProxyHandler" HTTP handler for PG's WEB-key smart proxy

2020-05-28 - v6.3.1.3 (PG.dll)

  1. Support for WEB-key as Desktop 2FA method

2020-05-27 - v6.3.1.2 (PG.dll)

  1. Added WEB-key enrollment info to Admin DB User Detail Lookup

2020-05-27 - v6.3.1.2 (PG_IdP.dll)

  1. Support for OAuth Refresh Tokens

2020-05-25 - v6.3.1.2 (PG_IdP.dll)

  1. Confirmation of Client Credentials grant feature
  2. Support for OAuth Resource Owner Password Creds grant type

2020-05-22 - v6.3.1.2 (PG.dll)

  1. Fix for crashes when Account Activation is used in conjunction with Directory Fallback
  2. Nebula SaaS: For DirSync, sending Account Unlock message to Nebula for self-service Account Unlock action as well.

2020-05-20 - v6.3.1.2 (PG.dll)

  1. Support for one-time use GUID to prove user identity during Terms of Use (TOU) prompting from the PG Desktop client

2020-05-13 - v6.3.1.1 (PG.dll)

  1. Nebula SaaS: Propagate PG account unlock down to local AD. For HelpDesk and user-initiated unlocks.

2020-05-12 - v6.3.1.0 (PG_IdP.dll)

  1. Fix for crash when Announcements are in place, OAuth SSO is requested and end-user must perform full login as a result of it. Fix in IdPAgentSSOSelector class.

2020-05-09 - v6.3.1.0 (PG_IdP.dll)

  1. Support for OAuth Client Credentials grant
  2. Changes to OAuth configuration to require explicit OAuth grant types to be chosen (requires re-save & potential tweaking of existing OAuth configs!)

2020-05-06 - v6.3.0.3 (PG.dll)

  1. Nebula SaaS: Fix for batch imported users when using DirSync. Verbal Auth and Dashboard User Detail lookup were failing.
  2. Fix for expiring password from Help Desk (stand-alone "expire" action AND during a PW Reset). Now setting LastPWChangeTime to 1/1/1970 (if they're using 'computed' PG pw expiration).
  3. Preventing DB User Detail Lookup from saving any modifications to the target user profile. This can happen if they're using computed PW expiration and the user has never logged in before.

2020-04-28 - v6.3.0.2 (PG.dll)

  1. Changes to support Terms of Use (TOU) acceptance prompting from PG Desktop login

2020-04-23 - v6.3.0.2 (PG.dll)

  1. Handling new return case from Duo preauth check where users were in Duo, but hadn't enrolled any devices. They were being treated as "ready for Duo", but they actually weren't and the cache was stopping Duo from being shown as available after they actually did enroll.

2020-04-16 - v6.3.0.1 (PG.dll)

  1. Nebula SaaS: Fix for catching and correctly erroring out for blank return attributes during DirSync user authentication

2020-04-10 - v6.3.0.1 (PG.dll)

  1. Nebula SaaS: Passing in DirSync SQL config params from bootstrap

2020-04-08 - v6.3.0.1 (PG.dll)

  1. Nebula SaaS: Asynchronous DirSync support
  2. Fix to prevent "No OPENSSL_AppLink" error when generating Root CA in PG_Config (from 2020-04-08 - v6.3.0.0)

2020-04-05 - v6.3.0.1 (PG_IdP.dll)

  1. Support for SP-initiated POST SAML Single LogOut (SLO)

2020-04-05 - v6.3.0.0 (PG.dll)

  1. Visual Studio 2019 port (requires different Visual C++ redistributable)

2020-04-05 - v6.3.0.0 (PG_IdP.dll)

  1. Visual Studio 2019 port (requires different Visual C++ redistributable)

2020-04-01 - v6.2.6.0 (PG.dll)

  1. Change to allow MySQL reporting support for start and end times
  2. Change in Self Registration for MySQL to not advance the result set (MySQL doesn't treat the nested call to cleanUserRegData in getUserRegData as another result set). Associated fixes in AgentLogout & AgentSelfReg as well.

2020-03-25 - v6.2.6.0 (PG.dll)

  1. Fix to ensure server side PW quality rules are returned in the XML for a failed PW reset (they ARE correctly there on a failed PW change). This bug was causing the server side rules to show initially on "New Password" screen, then disappear if they submitted an insufficiently complex password.

2020-03-18 - v6.2.6.0 (PG.dll)

  1. Nebula SaaS: Fix for allowing batch imported users to manually login (checking for PLACEHOLDER as password field)
  2. Change to "saved" pw expiration logic. If the ExpirationDate field is not present and the policy is set to "expire on first use", the LastPWChangeTime is used as the starting point if present.

2020-03-17 - v6.2.6.0 (PG_IdP.dll)

  1. Nebula SaaS: Fix for allowing batch imported users to manually login (checking for PLACEHOLDER as password field)
  2. Support for MySQL in IdPAgentOAuthBase::getAuthZCode

2020-03-12 - v6.2.6.0 (PG_IdP.dll)

  1. Regression fix for sending all groups in a SAMLResponse

2020-03-11 - v6.2.6.0 (PG_IdP.dll)

  1. Fix for Forms SSO crash when "Shared/Fixed creds" type is selected, but template accidentally contains a "Username" or "Password" type field

2020-03-09 - v6.2.6.0 (PG_IdP.dll)

  1. Group mapping claims using tokenGroups field (AD only). NOTE: This does NOT support group name substitution/RegEx!

2020-02-28 - v6.2.5.1 (PG.dll)

  1. Nebula SaaS: Changed DirSync auto-registration to require LoginName/sAMAccountName instead of Email Address (which some accounts may not have)

2020-02-20 - v6.2.5.0 (PG.dll)

  1. Small changes in User Profile mapping for SQL and DirSync to get logins working with either Email or sAMAccountName

2020-02-17 - v6.2.5.0 (PG.dll)

  1. Can return Forgot Username results (single or multiple) to user via email
  2. Can programmatically return a specific username during Web Authentication (Identity values passed back to NetworkAUP.ashx.cs)
  3. Returning new minor error code when AD binds fail due to newer signing & channel binding requirements

2020-02-04 - v6.2.4.0 (PG.dll)

  1. Support for calling a stored proc to get SQL roles

2020-02-03 - v6.2.4.0 (PG_IdP.dll)

  1. Change to make OAuth token endpoint response use a Content-Type of "application/json" (section of

2020-01-20 - v6.2.4.0 (PG.dll)

  1. Nebula SaaS: Support for LAN-2-Cloud password synchronization

2020-01-23 - v6.2.3.7 (PG.dll)

  1. Support for single quotes in username/email with SQL directories
  2. Added support for wildcard searching in Admin Reports - use [prefix%] -OR- [%suffix] -OR- [%mid%]. These searches are case-insensitive!

2020-01-19 - v6.2.3.6 (PG.dll)

  1. Nebula SaaS: Batch import support for auto-enrolling users (looks for "UserAttributes" field).

2020-01-15 - v6.2.3.6 (PG.dll)

  1. For "post" password changes from the PG Desktop, downgrades the Password Change authentication level to name & password (100) if the security policy requires something higher (e.g. 2FA is 400). The PW change has already been accepted by Windows so PG should not send OTPs, etc.

2019-12-13 - v6.2.3.6 (PG.dll)

  1. Exiting CPSLDAP::expirePasswordByUsername() immediately for non-Active Directory LDAP types (was causing 20 sec hangs/delays)

2019-12-11 - v6.2.3.6 (PG.dll)

  1. Support for searching for exact match only in Help Desk & Admin Db user lookup (triggered when '$' is the end of search term). Works for both LDAP and SQL-based repositories.

2019-12-10 - v6.2.3.6 (PG_IdP.dll)

  1. Support for emitting only a whitelist of UPN suffixes in the IdP Issuer override. This can be used to ensure child/sub-domains are not used in the Issuer value if they inherit from the root domain (the sub-domains have no federation settings of their own). This is most helpful in Office 365. Example value: _http://[,]/pgidp

2019-12-05 - v6.2.3.6 (PG.dll)

  1. Bug fix to ensure Email 2FA enrollment is allowed when "Only allow enrollment from Acct Mgmt page" option is enabled for Phone
  2. In CBA v2 (network and IP-based geolocation), now taking the right-most value IP address when multiple IPs are present (e.g. from use of a proxy)
  3. Added LDAP function: unexpirePasswordByUsername to fix customer-specific issue where PW Resets caused new PW to be seen as 'expire on first use' immediately after

2019-12-05 - v6.2.3.6 (PG_IdP.dll)

  1. Support for dynamic UPN suffix in IdP Issuer override using [UPN_SUFFIX] placeholder. Meant for use with multiple Azure AD child domains. NOTE: This only works for AD-based Attribute Stores -AND- the userPrincipalName must be used as an identity claim to ensure it is available to this feature
  2. Support for Group Whitelist filtering on prefix or suffix using wildcards
  3. Support for redirect_uri values that use Custom URL Schemes ( These are typically used for mobile apps performing OAuth.
  4. Added LDAP function: unexpirePasswordByUsername

2019-12-03 - v1.2.13.9 (PG.NET.dll)

  1. Removed regex checking on urls to allow for mobile app URLs, e.g. com.acme.someapp://

2019-11-14 - v6.2.3.5 (PG.dll)

  1. Support for writing single "PG_Log.txt" file when environment variable PG_KUBE=1 (for log hooking)

2019-11-04 - v6.2.3.4 (PG.dll)

  1. Fix for DirSync: Using provided username value to find User Profile after user created in SQL
  2. Support for Web Authentication and agreements in Cisco Wireless LAN Controllers

2019-10-23 - v6.2.3.3 (PG.dll)

  1. Support for 2FA Enrollment Grouping (Phone, Email and Mobile Authenticator) - Users must enroll X of Y types as part of 2FA login.

2019-10-23 - v6.2.3.3 (PG_IdP.dll)

  1. In OAuth token endpoint, support for reading client id and secret from "Authorization: Basic" header

2019-10-09 - v6.2.3.2 (PG.dll)

  1. DirSync wrapper changes to allow for initial RMQ connections to be re-tried by the .NET library.
  2. Fix to NOT check for SMS custom XML file if SMS delivery is not set to "Hosted" (had been causing error 1122 on apply/sync if the underlying XML file was never created)
  3. Added logging to show when initialization and refreshConfig finish

2019-10-02 - v6.2.3.2 (PG_IdP.dll)

  1. New code that supports "response_mode=form_post" in OAuth authorization (will POST the resulting Authorization Code instead of a 302 redirect to the callback URL)
  2. New de-duplication code when finding matching configurations for OAuth/OIDC (looks at all GUIDs and removes dupes)

2019-09-27 - v6.2.3.1 (PG_IdP.dll)

  1. Support for CAS/SAML NotBefore clock skew
  2. Fix for regression in getSQLLookupCreds() that passed the db name instead of the configured username
  3. Support for modifying SAML response to indicate whether 2FA was performed by dynamically changing the "AuthnContextClassRef" element value. Use [AUTHTYPE MFA_VAL="somevalue"] placeholder in the SAMLResponse template. The "MFA_VAL" attribute has the value to use for users that performed 2FA; "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" is used otherwise.

2019-09-27 - v1.2.13.8 (PG.NET.dll)

  1. Calling PGCommon.handleCORS() in OAuth and OIDC metadata handlers so it works for AJAX-based JS clients

2019-09-05 - v6.2.3.1 (PG.dll)

  1. Support for multiple ? placeholders in SQL User Search query (to query multiple columns)

2019-08-20 - v6.2.3.0 (PG.dll)

  1. Support for printing LDAP server name after connection

2019-08-12 - v6.2.3.0 (PG.dll)

  1. Initial implementation of DirSync using Rabbit MQ

2019-08-12 - v6.2.2.6 (PG.dll)

  1. Fix in PW expiration checking to honor the hours, minutes and seconds instead of truncating them. This helps prevent PG from treating passwords as expired a day early.

2019-08-12 - v6.2.2.6 (PG_IdP.dll)

  1. Support for RS256, RS384, RS512 signing for OIDC
  2. Added HS256, HS384 & HS512 algorithms to "id_token_signing_alg_values_supported" in the OIDC/jwks.json metadata
  3. Substituting accesstoken in IdPAgentOAuthToken if nonce is missing (for compatibility with Citrix NetScaler).

2019-08-07 - v6.2.2.5 (PG.dll)

  1. Support for Agreements - Can require users to "accept" an agreement before accessing specific federated applications or getting a valid logon session with the PG server. The "accept" (or "reject") timestamps can be reported on from SQL. This feature is an extension to the Announcements feature and is good for ensuring users see and confirm Acceptable Use Policies before continuing.
  2. Optional email notifications for all Account Management actions
  3. Support for sending email notifications when a user changes their password through PG

2019-07-30 - v6.2.2.4 (PG.dll)

  1. Fixed crash when "prevent session re-use" and directory fallback were both enabled

2019-07-23 - v6.2.2.4 (PG.dll)

  1. Fix in CPSHTTPClient to only change WINHTTP_OPTION_CLIENT_CERT_CONTEXT when SSL is enabled
  2. Fix in URLDecode -AND- URLEncode to support UTF-8 chars up to 0xFF (including the £ char).

2019-07-22 - v6.2.2.4 (PG_IdP.dll)

  1. Fix in URLDecode -AND- URLEncode to support UTF-8 chars up to 0xFF (including the £ char)

2019-07-01 - v6.2.2.4 (PG.dll)

  1. Fix in URLDecode to support UTF-8 chars up to 0xFF (including the £ char)

2019-06-27 - v6.2.2.3 (PG.dll)

  1. Support for BIO-key's WEB-key offering as 2nd factor method

2019-06-26 - v6.2.2.2 (PG.dll)

  1. Using new SQL connect timeout setting of 10 sec

2019-06-26 - v6.2.2.2 (PG_IdP.dll)

  1. Using new SQL connect timeout setting of 10 sec

2019-06-24 - v6.2.2.2 (PG.dll)

  1. Support for directory failover.
  2. New HelpDesk & Dashboard user lookup using drop-down list for choosing repository.

2019-06-11 - v6.2.2.1 (PG.dll)

  1. Fix for Account Activation and "PG-POST-File" param being seen as "extra" data
  2. Fix for enforcing Strike Expiration even when Lock Expiration is disabled (ensures the StrikeDateTime field is written when either feature is enabled)

2019-06-07 - v6.2.2.1 (PG.dll)

  1. If the username contains a backslash, we'll never be able to save or restore user profiles if configured to store these in flat files. Change in UserProfileEngineFile to replace the backslashes with hyphens (this is not an issue for SQL-based user profiles).
  2. Including "uid" in global HD type-ahead search filter for Domino and SunOne LDAP types.
  3. Allowing HD Regions to have a blank Base DN (also required a change in PG_Config).
  4. Fix for SMSGlobal (3rd party messaging provider) that was requesting cert-based authentication for all HTTP requests. Now specifying WINHTTP_NO_CLIENT_CERT_CONTEXT in all requests from our HTTP client.

2019-06-07 - v6.2.2.1 (PG_IdP.dll)

  1. Fix to restore "DOMAIN\" prefix to username in IdPAgentFederatedSSO when Domino LDAP is the attribute store. We were treating it as a NetBIOS AD domain and were removing it automatically.

2019-05-21 - v6.2.2.0 (PG.dll)

  1. Fix for Day of Week bug in CBA 2.0 "new browser" email notifications. UTC time was being used for DoW instead of local time.
  2. Patch in AD PSO reading of msDS-MinimumPasswordAge value to IGNORE any values less than 1440 and treat them as 0.
  3. Support for FIDO2 / Web Authentication ("WebAuthn") as a 2nd factor

2019-05-21 - v6.2.2.0 (PG_IdP.dll)

  1. Fix for bug that OAuth configurations could not have the same client_id but different callback URLs (stored as Ids in our configs). Now filtering multiple configuration matches using redirect_uri/callback after initial lookup on client_id. NOTE: This code only runs when "Allow Duplicate IDs" is enabled in the General IdP Settings. Otherwise, the first match is used!

2019-05-02 - v6.2.1.0 (PG.dll)

  1. Version that has undergone annual Manual Penetration Testing by Veracode
  2. Fix to support backup phone indexes for back-end 2FA API
  3. Additional boundary checks based on Veracode static scanning
  4. Checking for a ".wav" extension as part of file validation in AgentAcctVoiceIt::handleRequest()

2019-04-02 - v6.2.0.5 (PG.dll)

  1. Returning details to the UI for all 6 server-side pw quality rules to potentially display all rules:
    a. AD complexity
    b. Minimum age
    c. PW History
    d. PW Dictionary
    e. PW Similarity
    f. RegEx
  2. Fix for positive time zone offsets when dealing with blank/NULL dates in reporting
  3. Extra boundary checking in checkChallengeAnswers to prevent crashes

2019-03-25 - v6.2.0.5 (PG_IdP.dll)

  1. For Forms SSO, replacing double-quote literal (") with HTML-encoded version (&quot;)

2019-02-28 - v6.2.0.2 (PG_IdP.dll)

  1. Fix to prevent PG server init crashes when value is blank in _PG_IdP_Config.xml (resulted from IdP_Config.exe v6.2.0.0, fixed in v6.2.0.1)

2019-01-27 - v6.2.0.1 (PG_IdP.dll)

  1. Fixes for properly outputting exponent, modulus and thumbprint in jwks.json (for OIDC)

2019-01-21 - v6.2.0.3 (PG.dll)

  1. Fix for properly handling PG-POST-File parameter during new user self-registration.

2019-01-15 - v6.2.0.2 (PG.dll)

  1. Added "Reset failed logon attempts count after X mins" setting to Security Policies.
  2. Support for directly leveraging Active Directory "Password Setting Objects" (PSO) settings instead of duplicating the configuration in Security Policies: Password Complexity, Expiration & Account Lockout Settings

2018-12-28 - v6.2.0.1 (PG.dll)

  1. Fixes for handling import of HOTP token seed values if they contain embedded NUL characters.

2018-12-28 - v6.2.0.1 (UI)

  1. Additional changes to multiple InetPub\PortalGuard files related to WCAG 2.0 conformance.

2018-12-17 - v6.2.0.0 (PG_IdP.dll)

  1. Support for OAuth v2.0.
  2. Support for OpenID Connect v1.0.
  3. CAS fix for using the URL's full path if no query string arguments are provided in the request. This can fix errors related to the CAS logout action.

2018-12-17 - v6.2.0.0 (PG.dll)

  1. Support for use of Google reCAPTCHA on main PG login form.
  2. New setting to prevent end-users from changing any YubiKey enrollment (they can only be batch imported when enabled).

2018-11-30 - v6.1.0.0 (PG.dll)

  1. FIDO U2F support.
  2. Support for voice biometrics OTP type through VoiceIt service provider. Had to add logic to prevent voice biometric phrases from being seen as potential YubiKey OTPs.
  3. Support for smart card-based logons to PG.
  4. Fix for creating PG SSO cookie after password change as well (was only being done on login, prior)
  5. Password Recovery Fix: HTML-encoding the value to ensure XML processing doesn't break in PG.NET. Characters containing reserved XML characters (e.g. '&') were not displaying.
  6. Returning new element on AcctMgmt to indicate if Duo is enabled for any actions in the security policy.
  7. Fix for Verbal Authentication - Ensuring the HD user's groups and OUs are cleared before looking up the target user. Without the fix, this could result in the wrong security policy being applied to the target user.

2018-11-30 - v6.1.0.0 (PG_IdP.dll)

  1. Fix in CAS agent for using the full path if no query string is provided in the request
  2. In IP Blocking feature, not doing any blocking when the IP value is blank.
  3. Checking static white list before adding an entry to the dynamic IP blacklist. Prevents "new dynamic IP blocked" email when the IP is already white-listed.
  4. For easier log parsing, adding "X-MS-Forwarded-Client-IP={IP}" to the log line showing username when a WS-Sec auth fails.
  5. Support for static formatting around Group CNs for SAML/WS-Fed

2018-09-17 - v6.0.0.5 (PG.dll)

  1. Fix to enforce blocked access via CBA v2.0
  2. UI: Fix for phone type radio button selector javascript bug

2018-08-16 - v6.0.0.4 (PG.dll)

  1. Support for grouping Challenge Answers, Phone & Email enrollments and allowing a subset to satisfy the enrollment requirement (e.g. 1 of 2, 2 of 3).

2018-07-31 - v6.0.0.3 (PG.dll)

  1. Restored IP geolocation support in CBA v2.0

2018-07-30 - v6.0.0.3 (PG_IdP.dll)

  1. HTML encoding any double-quotes in RelayState so it doesn't break the POST
  2. For Banner 9 AppNav integration, changed the CAS "jsessionid" behavior to truncate EITHER or BOTH the "svc" value in the request and the value stored in SQL.

2018-07-24 - v6.0.0.2 (PG_IdP.dll)

  1. IP Lockout no longer blocking requests where X-MS-Forwarded-Client-IP request header is "blank".
  2. Critical section now being released in exception handlers if an exception occurs during SAML signing.

2018-07-19 - v6.0.0.2 (PG.dll)

  1. PW dictionary fix to lowercase the actual dictionary words as well during "contains" checking. If the words had any capital letters in the config, they weren't matching.

2018-07-12 - v6.0.0.1 (PG.dll)

  1. Fix for deadlock when performing update/sync when long running agents tried to filter event reporting.

2018-07-12 - v6.0.0.1 (PG_IdP.dll)

  1. Using shared reader lock approach on Bootstrap access from AgentBase, minimizes number of read locks IdP agents request.

2018-06-27 - v6.0.0.0 (PG.dll)

  1. Suppressing "unknown OTP type" error when Duo is available, but user failed validating with different type (e.g. phone).
  2. Support for report event filtering
  3. Fix for crashes when using KBA and reducing the number of challenge questions in the security policy. Now returns PGAPI_RC_CONFIG_ERROR/1122 which displays following error on Login page: The security policy is incorrectly configured - please contact the administrator
  4. Support for writing PGAS cookie to reflect authentication type for app-specific 2FA.

2018-06-28 - v6.0.0.0 (PG_IdP.dll)

  1. For NameID claims, only adding the "Format" attribute if the schema value is non-blank.
  2. Support for report event filtering.
  3. Support for SSO to legacy web applications.
  4. Support for app-specific 2FA.
  5. Support for IP blocking "whitelist".
  6. Support for "persistent" IP blocking for Office 365/WS-Security logins.
  7. Support for claim case conversion: UPPER(2), lower(1) or No Change(0).
  • 21-Sep-2021