CHANGELOG: Web Booster Enterprise Single Sign On (PT0027)

The following items denote all changes made to this product. Latest changes appear at the top of the list. Some old versions of software may be downloaded by clicking on the availability column, however it is recommended that customers always use the latest software.

The latest version of this software may be downloaded here. To keep up with the latest changes and updates, subscribe to the RSS feed for this product here: RSS Feed

VersionAvailabilityChange TypeDetails
3.0.0 ClickEnhancementChange ssl client to default to "TLSv1.2" rather than "SSL"
3.0.0 ClickEnhancementNow works with NTLMv2, the default used by Windows 7 workstations and Windows 2008 servers
3.0.0 ClickBugAn optimization was added to booster ESSO a while back that checked the booster session id: > _pma_sess_id=2-11AD96187BA-11AD9662D5F; To determine if authentication should reoccur. If there is a valid bootser esso session, then skip the authentication. IE kills this optimization, because the ltpa token is valid and the booster session is valid BUT it sends Content-length: 0 and and Authorization: headers. We have removed the booster session checking. This means that every request will require the small overhead of reparsing all the cookies. see:
3.0.0 ClickEnhancementAdded code to always remove the "Authorization:" http header so no remnants of the NTLM/SPNEGO handshake is passed to the backend server. This was causing a problem for IIS as IIS was attempting to process the handshake itself. This issue only occurred for IE browsers POSTing data as IE would include the last part of the handshake again in the final POST.
3.0.0 ClickBugFixed a regression bug introduced during the implementation of SPNEGO/Kerberos authentication. The issue is internet explorer sends a POST with content length of zero along with a new authentication. The old code was ignoring this re-authentication. For more information on the IE6 behaviour, please see
2.00OtherUpdated license management to support per user licensing. Required to allow an ESSO Lite version.
2.00OtherAdded protection to display an "Evaluation" page at the end of the SSO process if the software is not licensed. This page will only appear periodically as a reminder to license the software.
2.00BugFixed an issue where a Domino-style token was not being correctly identified. "Invalid or expired Ltpa token" message was being displayed
2.00EnhancementWhen the Negotiate mechanism is enabled, now send Negotiate and NTLM in the http headers.
2.00BugFixed issue where if a client replied with NTLM when Negotiate was enabled, the challenge back to the browser would be sent with a Negotiate instead of NTLM
2.00EnhancementWhen an Ltpa token is invalid or expired, do not show a stacktrace.
2.00EnhancementRemove earlier feature where text was sent to the browser along with the 401 challenge. It appears some browsers do not respond correctly when a 401 response contains content-length greater than zero
2.00EnhancementAdd token expiry to cookie so that token is not passed back to the server after the internal expiry date is passed
2.00New FeatureSend an HTML message with the 401 challenge that explains that your browser is not configured correctly. This will only be shown by browsers that don't resond to the 401 challenge. Previously those browser got the error "Request has no content"
2.00EnhancementCheck for jsessionid on portal server and redirect to portal home if the cookie is missing. puakma.config setting: WEBSSOjsessionidHome=/myportal
2.00New FeatureImplement Kerberos as an authentication method via 'Negotiate' http header
2.00New FeatureAdd debugging URL to show what the server is using for its configuration. Particularly useful for troubleshooting NTLM configuration. WEBSSODebugURI=/testsso