Advanced Authentication as a Service (SaaS) Release Notes 2022

In addition to the existing on-premises and cloud-based deployments, Advanced Authentication is now available in the Software as a Service (SaaS) model. Micro Focus hosts and maintains the Advanced Authentication Servers with their databases. You can use it to secure access to your corporate resources, such as various portals, workstations, and VPN servers.

For more information about Advanced Authentication and its features, see Introduction to Advanced Authentication.

The following are the key differences between SaaS and non-SaaS models:

| Feature | Advanced Authentication | Advanced Authentication as a Service |
| --- | --- | --- |
| Setup | Installation is required | Installation is not required |
| Billing | License-based | Subscription-based |
| Hardware | Must meet the recommended system requirements | Does not require extensive hardware |

For the list of other documents related to Advanced Authentication, see the Advanced Authentication NetIQ Documentation page. For more information about the product and support, see the Advanced Authentication Product website.

If you have suggestions for documentation improvements, click comment on this topic at the bottom of the specific page in the HTML version of the documentation posted on the Advanced Authentication NetIQ Documentation page.

The release number is in the YYYY.M.RELEASE NUMBER format.

1.0 2022.8.1 Update

Advanced Authentication as a Service 2022.8.1 includes the following updates:

1.1 Enhancements

This release includes the following enhancements:

Ability to Disable Fast Sync and Modify Fast Sync Interval for the Cloud Bridge External Repository

This release introduces the following options in the Cloud Bridge External repository on the Administration Portal:

  • Fast sync enabled: This option allows you to disable the automatic fast sync initialization of the repository. Disabling it might impact the functioning of other dependent components.

  • Time between fast syncs: Select the required synchronization interval between the fast syncs from the list. By default, the interval is set to 5 minutes.

For more information, see Advanced Settings in the Advanced Authentication - Administration guide.

Timeout Settings Support for Web Authentication Events

From this release, tenant administrators are allowed to configure the following timeout settings in Web Authentication events:

  • Session Timeout

  • Authorization Code Timeout

  • Access Token Timeout

  • Refresh Token Timeout

  • Public Refresh Token Timeout

  • Session Token Revocation Timeout

For more information, see Configuring Timeout in the Advanced Authentication - Administration guide.

1.2 Software Fixes

| Component | Issue Description |
| --- | --- |
| Administration Portal | The OAuth2 event that is created using an API call is not displayed in the authcfg.xml for the tenant. Therefore, it is not possible to issue an access or refresh token. |
| Administration Portal | The fast synchronization process of the Cloud Bridge repository takes more than five minutes and later displays some errors in the logs. |
| Administration Portal | Unable to initiate the full synchronization process after changing Advanced Settings of the Cloud Bridge repository. |
| Cloud Bridge Repository | On large Cloud Bridge repositories, with 10K user records, the full synchronization process suspends automatically and the synchronization fails. |
| OAuth2/OpenID Connect | When users select the SAML SP method to access the OAuth2/OpenID Connect events, the field to specify the password is not displayed. However, users are granted access without the password. |
| Web Authentication | The Facial Recognition method does not work in the Web Authentication events. |

2.0 2022.5.1 Update

Advanced Authentication as a Service 2022.5.1 includes the following updates:

2.1 Enhancement

This release includes the following enhancement:

API Support for OAuth Authentication

This release introduces OAuth2 Application policy to allow the OAuth2 protocol-based applications to access the Advanced Authentication API.

For more information, see OAuth2 Application in the Advanced Authentication - Administration guide.

This release also introduces API calls to retrieve the following OAuth2 authentication information:

  • Authenticated User details

  • Chain details

  • Tenant details

For more information, see Advanced Authentication API guide.

2.2 Software Fixes

| Component | Issue Description |
| --- | --- |
| SAML Service Provider | Pre-condition: Download the SAML metadata from the https://<servername>/osp/a/TENANT1/auth/saml2/metadata URL. Uploading an Identity Provider with the above metadata in the SAML Service Provider method causes a configuration error in the web authentication of the corresponding tenants. Removing the Identity Provider does not restore the default identity provider settings, and the web authentication is not accessible. |
| Web Authentication | Deleting a Web Authentication event that contains incorrect configuration does not reconfigure or restart the Web Authentication module cache. |

3.0 2022.3.1 Update

Advanced Authentication as a Service 2022.3.1 includes the following updates:

3.1 Enhancements

This release includes the following enhancements:

An Option to Validate the OTP Methods Manually

This release introduces the following options in the respective OTP methods:

  • Verify email address: This option is introduced in the Email OTP method and helps to send the verification code to a specified email address. This option allows the users to validate the email address during the manual enrollment.

    For more information, see Email OTP in the Advanced Authentication - Administration guide.

  • Verify phone number: This option is introduced in the SMS OTP and Voice OTP methods to send the verification code to a specified phone number. This option lets users verify whether the phone number is valid before the manual enrollment.

    For more information, see SMS OTP and Voice OTP in the Advanced Authentication - Administration guide.

Timeout Options

This release introduces the following options in the Login Options policy:

  • Logon timeout (seconds): This option allows you to set the maximum duration of the logon session. The user must specify the login credentials within this duration to prevent the session termination.

  • Logon inactivity timeout (seconds): This option allows you to set the maximum inactivity timeout of the logon session. A user can remain idle within this duration.

    For more information, see Login Options in the Advanced Authentication - Administration guide.

Renamed FIDO 2.0

In this release, the FIDO 2.0 method is renamed to FIDO2.

Ability to Retrieve the Risk Score

After integrating a product with Advanced Authentication, the administrators can use the following API call to retrieve the Risk Score of an authenticated user after successful authentication:

api/v1/logon/{{logon_process_id}}/do_logon

Support for HANIS Face Method

Advanced Authentication provides the Home Affairs National Identification System (HANIS) method, which enables citizens of South Africa to authenticate using their face as enrolled in the National Identification System. During authentication, the Advanced Authentication server forwards the user details to the third-party service provider that is integrated with the National Identification System, where the validation takes place. The user is authenticated to the required resource or endpoint based on the validation result.

For more information, see HANIS Face in the Advanced Authentication - Administration guide.

3.2 Software Fixes

| Component | Issue Description |
| --- | --- |
| Administration Portal | After the full synchronization of the Cloud Bridge External repository, the following error message is displayed: 'NoneType' object has no attribute 'append' |
| Administration Portal | When eDirectory is configured as the external repository in Advanced Authentication, and the user entries include multiple CN values, then synchronization fails and displays an error message. |
| Administration Portal | When an administrator tries to change the Cache expiration time in the Cache Options policy, the updated expiration time is not saved, and changes are not applied. |
| Administration Portal | When the Cloud Bridge Agent is down and the administrator tries to verify the configuration using the Test Configuration button, an invalid message Gateway Timeout is displayed without stating the cause. |
| Administration Portal | When the full synchronization on the Web server is in progress and if the fast synchronization is initiated on the Master server simultaneously, the full synchronization fails and results in an error. |
| Enrollment Portal | When a user tries to test the FIDO2 method in the Enrollment portal, the test fails, and the following message is displayed: expected 'status' to be 'string', got: error. |

4.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

5.0 Legal Notice

© Copyright 2022 Micro Focus or one of its affiliates.

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/en-us/legal.