|
The following items denote all changes made to this product. Latest changes appear at the top of the list. Some old versions of software may be downloaded by clicking on the availability column, however it is recommended that customers always use the latest software.
The latest version of this software may be downloaded here.
To keep up with the latest changes and updates, subscribe to the RSS feed for this product here: 
| 3.0.0 |
Click | Enhancement | Change ssl client to default to "TLSv1.2" rather than "SSL" |
| 3.0.0 |
Click | Enhancement | Now works with NTLMv2, the default used by Windows 7 workstations and Windows 2008 servers |
| 3.0.0 |
Click | Bug | An optimization was added to booster ESSO a while back that checked the booster session id:
> _pma_sess_id=2-11AD96187BA-11AD9662D5F;
To determine if authentication should reoccur. If there is a valid bootser esso session, then skip the authentication. IE kills this optimization, because the ltpa token is valid and the booster session is valid BUT it sends Content-length: 0 and and Authorization: headers.
We have removed the booster session checking. This means that every request will require the small overhead of reparsing all the cookies.
see: http://blogs.msdn.com/david.wang/archive/2005/12/01/HTTP-POST-Fails-for-Anonymous-Authentication.aspx |
| 3.0.0 |
Click | Enhancement | Added code to always remove the "Authorization:" http header so no remnants of the NTLM/SPNEGO handshake is passed to the backend server. This was causing a problem for IIS as IIS was attempting to process the handshake itself. This issue only occurred for IE browsers POSTing data as IE would include the last part of the handshake again in the final POST. |
| 3.0.0 |
Click | Bug | Fixed a regression bug introduced during the implementation of SPNEGO/Kerberos authentication. The issue is internet explorer sends a POST with content length of zero along with a new authentication. The old code was ignoring this re-authentication. For more information on the IE6 behaviour, please see http://www.websina.com/bugzero/kb/browser-ie.html
|
| 2.00 | | Other | Updated license management to support per user licensing. Required to allow an ESSO Lite version. |
| 2.00 | | Other | Added protection to display an "Evaluation" page at the end of the SSO process if the software is not licensed. This page will only appear periodically as a reminder to license the software. |
| 2.00 | | Bug | Fixed an issue where a Domino-style token was not being correctly identified. "Invalid or expired Ltpa token" message was being displayed |
| 2.00 | | Enhancement | When the Negotiate mechanism is enabled, now send Negotiate and NTLM in the http headers. |
| 2.00 | | Bug | Fixed issue where if a client replied with NTLM when Negotiate was enabled, the challenge back to the browser would be sent with a Negotiate instead of NTLM |
| 2.00 | | Enhancement | When an Ltpa token is invalid or expired, do not show a stacktrace. |
| 2.00 | | Enhancement | Remove earlier feature where text was sent to the browser along with the 401 challenge. It appears some browsers do not respond correctly when a 401 response contains content-length greater than zero |
| 2.00 | | Enhancement | Add token expiry to cookie so that token is not passed back to the server after the internal expiry date is passed |
| 2.00 | | New Feature | Send an HTML message with the 401 challenge that explains that your browser is not configured correctly. This will only be shown by browsers that don't resond to the 401 challenge. Previously those browser got the error "Request has no content" |
| 2.00 | | Enhancement | Check for jsessionid on portal server and redirect to portal home if the cookie is missing. puakma.config setting:
WEBSSOjsessionidHome=/myportal |
| 2.00 | | New Feature | Implement Kerberos as an authentication method via 'Negotiate' http header |
| 2.00 | | New Feature | Add debugging URL to show what the server is using for its configuration. Particularly useful for troubleshooting NTLM configuration.
WEBSSODebugURI=/testsso |
|
