Feedback
Was this page helpful? Let us know how we can make it better.
Release notes for recent Authentication Proxy versions.
Version 2.13.0 - January 2019
Version 2.12.1 - January 2019
- Corrects an issue which prevented usage of unicode characters in the
authproxy.cfg
file.
Version 2.12.0 - January 2019
- Introduces new configuration options
minimum_tls_version
and cipher_list
for hardening the TLS configuration of the Authentication Proxy when acting as an SSL server ([radius_server_eap]
or [ldap_server_auto]
).
- OpenSSL is now built along with the Authentication Proxy on Linux. Admins no longer need to install OpenSSL separately as a prerequisite.
- Perl and zlib are now prerequisites for building the Authentication Proxy on Linux.
- The Authentication Proxy now validates parts of your configuration at startup and when running the connectivity tool.
- FIPS mode for Windows and Linux.
- Additional bug fixes.
Version 2.11.0 - November 2018
- Added support for channel binding validation during LDAP authentication over SSL\TLS on Windows Server. See KB 4034879 for more information about the
LdapEnforceChannelBinding
setting.
- The connectivity troubleshooting tool now checks that the api_host in a
[cloud]
section is accessible.
- Corrected an installation issue on Linux systems due to the PYTHON environment variable.
- Reworded fail mode result messages to improve logging consistency.
Version 2.10.1 - September 2018
- Corrected an installation issue on Linux systems.
Version 2.10.0 - September 2018
Version 2.9.0 - May 2018
- Introduced new connectivity troubleshooting tool
- Python 2.7 now bundled with Authentication Proxy install
- The HTTP Proxy feature now accepts CIDR ranges as permitted
client_ip
values.
- Previous 2.8.1 Windows-only EAP/TLS 1.2 fix for NetMotion implemented in Linux proxy as well
Version 2.8.1 - March 2018
Version 2.7.0 - December 2017
- Supports OpenSSL 1.1.0
- New LDAP server option:
allow_unlimited_binds
- Additional bug fixes
Version 2.6.0 - October 2017
This is the minimum required version for OpenLDAP sync and the minimum recommended version for AD sync.
- Password authentication for OpenLDAP and AD sync
- Fixed bug that caused an authentication event to be logged twice in
authevents.log
- Additional bug fixes
Version 2.5.4 - August 2017
- SIEM-consumable authentication event logging with new configuration option
log_auth_events
- Corrected
ad_client
host failover behavior when using ldap_server_auto
- Additional bug fixes
Note: Interim versions between 2.4.21 and 2.5.4 are internal builds not released to customers.
Version 2.4.21 - March 2017
- Linux logging fix
- Bug fixes
Version 2.4.20 - February 2017
- Bug fix for premature TLS disconnect
Version 2.4.19 - December 2016
Version 2.4.18 - December 2016
- Ease-of-use improvements to authproxy.cfg file
- Updated to OpenSSL 1.0.2h and PyOpenSSL to 16.2
- RADIUS and LDAP bug fixes
- Fixed inappropriate fail open behavior when api_timeout is reached (DUO-PSA-2016-002)
Version 2.4.17 - May 2016
- Enhanced authentication proxy configuration reporting to Duo
- Fixed handling of primary authentication failures in radius_server_eap (DUO-PSA-2016-001)
Version 2.4.16 - May 2016
Version 2.4.15 - May 2016
- Debug logging to file obscures password information
- Improved handling of NTLM and UPN Active Directory authentication
- Improved handling of mixed format line endings in the config file
- Checks config file for duplicate sections at proxy start
Version 2.4.14.1 - February 2016
- Directory Sync and HTTP Proxy bug fixes
Version 2.4.14 - December 2015
- New LDAP server option:
allow_searches_after_bind
- Updated EULA
Version 2.4.13 - November 2015
Version 2.4.12 - August 2015
- Updated to OpenSSL 1.0.1p
- Handling for Palo Alto Client-IP attribute
Version 2.4.11 - March 2015
- Updated to OpenSSL 1.0.1m
Version 2.4.10 - March 2015
- Updated to OpenSSL 1.0.1l
- LDAP enhancements and improved logging
- Fix proxy startup on Ubuntu LTS
- New RADIUS exemption option:
exempt_username_1
- RADIUS client Message-Authenticator validation
Version 2.4.9 - February 2015
This is the minimum required version for AD sync.
- Improved logging
- AD Sync improvements
Version 2.4.8 - November 2014
- AD Sync connection detection
Version 2.4.7 - November 2014
Version 2.4.6 - October 2014
- Updated to OpenSSL 1.0.1j
- AD Sync performance enhancement
Version 2.4.5 - September 2014
- AD domain discovery feature in ad_client:
domain_discovery
- AD Sync improvements
Version 2.4.4 - August 2014
- AD Sync improvements
- Fix LDAP filter extensions
Version 2.4.3 - July 2014
- Update ad_client time out logic
- RADIUS and LDAP bug fixes
Version 2.4.2 - June 2014
This is the minimum supported version.
- Updated to OpenSSL 1.0.1h
- TLS v1.2 support
- HTTPS proxy support for AD Sync
- Support for syslog forwarding (Linux/Unix only):
log_file
, log_syslog
, syslog_facility
Ready to Get Started?
Sign Up Free