2.1.17 ------ * Released February 22, 2016 * Fix installer message to correctly state that 2008 server is the minimum supported by v2.1 * Credential tile was broken for some cases where the user's password starts with a dash (-). It was incorrectly interpreted as a separating character between an OTP and the password, regardless of where the user entered the OTP. * Internal refactoring of the code to detect AuthLite groups (no functional change) * Improved support for cached workstation logons during password change operation (previously the pass change could corrupt the 2-factor logon cache until the user logged on again in online mode) * Detect and preserve the "LOGON_NO_OPTIMIZED" flag, which workstations use to determine whether a cached logon should work immediately or try to contact a DC first. Previously, AuthLite caused this flag to always be lost, and the workstation would always log on with cached credentials immediately. This meant that some of the "you must change your password" signals in the credential tile would not work correctly, leading to the user having to voluntarily go through a password change procedure instead of being directed into it automatically. * Discard OTPs sent to the DC but not used within 3 seconds (prevents accidental use stale OTP by another login by the same user on the same thread later) 2.1.16 ------ * Released January 26, 2016 * Workaround for ADSI sometimes returning a byte array of ASCII characters instead of an integer * Read settings faster from local cache when the domain is not available. * Workaround for YubiKey API bug that caused offline logon to fail when the stored challenge ended in a 00 byte. * Extra trace lines for challenge/response debugging. 2.1.15 ------ * Released December 13, 2015 * Improve performance for busy servers by disengaging log4net appenders when debug logging is not enabled. 2.1.14 ------ * Released November 28, 2015 * Fix bug introduced in 2.1.7, where the new "single shot crash dump" debugging feature was always enabled regardless of the state of its UI checkbox. For further information, see http://www.collectivesoftware.com/kb/authlite-upgrade-advisory-5/ 2.1.13 ------ * Released November 17, 2015 * Support for YubiKey version 4 2.1.12 ------ * Released November 15, 2015 * Remove calls to SetUnhandledExceptionFilter, since it was conflicting with other software at a customer. 2.1.11 ------ * Released November 3, 2015 * Improve NFC reading UI in credential tile 2.1.10 ------ * Released October 27, 2015 * Allow JIT provisioning of Okta tokens for users who do not yet have any other AuthLite keys assigned. 2.1.9 ----- * Released October 23, 2015 * Catch a harmless exception on service stop that was making it terminate with an ugly error. * Sub-function tracing to try and detect source of slowness at a customer. * Remove frequent calls to SetUnhandledExceptionFilter from debug logging function, since it was conflicting with other software at a customer. 2.1.8 ----- * Built October 15, 2015 * Catch end-of-stream connections on log connector. * Disable a debug hook that was not being used, but prevented PageHeap from working correctly. * Make RunOnce callback handling deterministic and eliminate the dependency on keeping a map of individual callbacks. * Limit the number of service connections from lsass. * Increase the minimum thread pool thread count of the service to more reasonably approximate the number of simultaneous connections it can expect to receive. * Remove out-of-band close notification from client side service connections. * Allow round-trip tracking of ServiceRequest operations. 2.1.7 ----- * Built October 7, 2015 * Added try/catches for lock objects that were missing them, so resource starvation will cause an error event instead of a runtime exception. * Configurable: if a thread in core throws an unhandled structured exception (crash), emit a crash dump to \windows\temp, dump debug log (if configured), and emit an error event. * During debugging, the core will be disabled after a crash occurs, so the system can start up without AuthLite running in the core. This enables easier retrieval of the crash dump and prevents the DC from staying "stuck", in cases where the crash happens during startup. * Try to improve efficiency of core debug logging thread so less lines are lost on a busy system. Also record when lines have been lost. 2.1.6 ----- * Built September 14, 2015 * Fix cross-domain YubiKey lookups. * Tolerate the same yubikey defined in more than one domain. 2.1.5 ----- * Released September 14, 2015 * Workstation offline logon secret management rewritten for stability and future support of OATH tokens/recovery. * Added support to detect RPC named pipe client IP addresses correctly (ncacn_np) for NetApp file servers. * Added a meaningful workstation logon failure message to be displayed when the AuthLite service is not up. * Re-ordered the way we search for the user session token to acquire a YubiKey challenge response. * Store Okta settings in a separate secure area, because the token needs to have administrative rights and AuthLite didn't previously have a way to store "secret" settings. 2.1.4 ----- * Released August 31, 2015 * Fix a bug introduced in 2.1.3 that caused permitted OATH token replays on the same DC to be improperly rejected. * Allow selection of AuthLite Group Pairs from domains in external trusts. 2.1.3 ----- * Released August 24, 2015 * Preliminary Okta cloud TOTP token integration * Improved debug log file naming so logs cannot be accidentally named the same and overwritten 2.1.2 ----- * Released August 12, 2015 * Fixed SAM function version check to do the right thing on Windows 10. * Removed legacy code that was causing an event log error when a standalone user authenticated. * Allow kernel debugger output to be turned on with a registry setting. 2.1.1 ----- * Released August 10, 2015 * Installer was not properly checking for .net framework v4 before running * Non-DC systems were not showing the License ID in the Configuration app. 2.1.0 ----- * Released August 9, 2015 * Branched from version 2.0.73 * Minimum .NET version supported is now v4 * Unified encrypted Debug/Trace file collection for all AuthLite-aware hosts * Minor UI usability improvements