Advanced Authentication 6.3 Service Pack 4 Patch 1 includes enhancements and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Advanced Authentication forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources. You can also post or vote the ideas of enhancement requests in the Ideas forum.
For more information about this release and for the latest release notes, see the Documentation NetIQ Advanced Authentication Documentation page.
If you have suggestions for documentation improvements, click NetIQ Advanced Authentication Documentation page.at the bottom of the specific page in the HTML version of the documentation posted at the
Advanced Authentication 6.3 Service Pack 4 Patch 1 includes the following:
This release includes the following enhancements:
Settings to Retrieve User Groups after Authentication
The options,and are introduced in all events (existing and new events). These options allow an administrator to retrieve the list of groups a user is associated with after successfully authenticating to an event.
NOTE:Theis enabled by default for all the events except the Authenticators Management, Smartphone Enrollment, OAuth 2.0, and SAML 2.0 events.
Improved REST API Call to Return the DNS Name
The REST API call /api/v1/repositories has been enhanced to return the DNS name of each repository along with the repository name and repository type.
Advanced Authentication 6.3 Service Pack 4 Patch 1 resolves a potential Multi-Factor Authentication (MFA) downgrade issue (CVE-2021-22515).
We would like to offer a special thanks to Julkair for responsibly disclosing this issue.
This release includes the following fixes:
Theoption for the SMS OTP and Email OTP methods is not available in the old Enrollment portal.
When a user logs in to the old Enrollment portal by performing the basic authentication and tries to enroll the TOTP method, the QR code is not displayed.
When a user connects the Spanish national identity card (Documento Nacional de identidad) and tries to enroll it using the PKI method, the certificate is not displayed in thefield.
However, on click of, certificates are displayed. When the user selects a certificate, the following error message is displayed:
Cannot check the revocation status.
The RADIUS server does not return the msRADIUSFramedIPAddress attribute if the hexadecimal value of that attribute contains a negative value.
When the users from LDAP repositories try to log in to the Enrollment Portal, the following error message is displayed:
WebAuth feature is not running.
This issue happens only for LDAP users who are associated with many groups and many nested groups. The local users can log in without any problem.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Advanced Authentication 6.3 Service Pack 4 Patch 1 includes the following known issue:
When a user tries to authenticate to Windows Client, it freezes in the Please wait screen after providing the username. This happens only in Windows machines with external Nvidia Quadro graphics cards and their drivers installed.
There are various messages as follows:
dockerd: time="2020-12-21T23:30:22.663706880Z" level=warning msg="Health check for container b1cc02cc52d3fe2681c9fa60abfab62aa54fa40d4d833fca4bb0fef5d0414890 error: context deadline exceeded" in syslog.
These messages do not indicate any issues. This is due to the absence of the Risk Service license.
Workaround: Perform the following steps:
Log in to the Configuration Portal (:9443).
Clickand select the Risk Service then click and select .
Clickthen select for Risk Service.
Issue: The Risk Service does not work after upgrading to Advanced Authentication 6.3 SP4.
Workaround: Run the following commands to remove the old rba_history container and reboot the appliance:
systemctl stop docker
systemctl start docker
docker container stop risk_rbahistory_1
docker container rm risk_rbahistory_1
docker rmi -f mfsecurity/rba_history:18.104.22.168
Log in to the Administration portal and click> to clear the logs.
NOTE:If any command takes too long to respond or hangs, press Ctrl+C to stop and continue with the next step.
You can update Advanced Authentication 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4 to Advanced Authentication 6.3.4 Patch 1.
The updated Client bundle and Helm chart are available in Software Licenses and Downloads page.
For more information about upgrading from 6.2, see Upgrading Advanced Authentication in the Advanced Authentication- Server Installation and Upgrade guide.
NOTE:The default value of remote access parameters has been changed in the Windows Client.
For more information, see Configuring Single Sign-on Support for Citrix and Remote Desktop and Enabling Flexible Sign-on for Citrix VDI or Remote Desktop Login in the Advanced Authentication - Windows Client guide.
NOTE:If you complete the server registration before updating to Advanced Authentication 6.3 Service Pack 4, the Server update to 6.3.4 might not display. Therefore, it is required to de-register and register again to resolve this issue.
NOTE:The recommended upgrade sequence is the upgrade of Advanced Authentication servers, followed by plug-ins and Client components. Any change in the upgrade sequence is not supported.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see http://www.microfocus.com/about/legal/.
© Copyright 2021 NetIQ Corporation, a Micro Focus company. All Rights Reserved.