LogonBox SSPR 2.4.17 released

Chris Dakin

Introduction

LogonBox is pleased to announce the immediate availability of LogonBox SSPR 2.4.17.

This release includes improved certificate support, some updates to SAML as well as the ability to trigger events on user password expiries.

The changelog at the bottom of this post lists all new features and bug fixes.

SSL certificate changes

SSL certificates now support RSA 3072-bit keys.

SAML support

SHA384 and SHA512 algorithm support has been added to the SAML Digest Method.

The digest method was previously hard-coded to SHA-1. For ease of configuration, it now uses the same setting as the 'Sign Assertion Algorithm' option.
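A check for the change described above, as an added example (not LogonBox code): it reads the ds:SignatureMethod and ds:DigestMethod of every signature in a SAML response captured from your own IdP and flags a SHA-1 digest or a digest that differs from the signature hash. The sample XML and all function names are constructed for illustration; the algorithm URIs are the standard XML-DSig identifiers.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Standard XML-DSig algorithm URIs (W3C XML Signature / RFC 6931) -> hash name.
DIGESTS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA256",
    MORE + "sha384": "SHA384",
    "http://www.w3.org/2001/04/xmlenc#sha512": "SHA512",
}
SIGNATURES = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA1",
    MORE + "rsa-sha256": "SHA256",
    MORE + "rsa-sha384": "SHA384",
    MORE + "rsa-sha512": "SHA512",
}

def _algorithm(parent, tag, table):
    """Map the Algorithm attribute of parent/ds:tag to a hash name."""
    node = parent.find(DS + tag) if parent is not None else None
    return table.get(node.get("Algorithm"), "UNKNOWN") if node is not None else "MISSING"

def audit_signatures(xml_text):
    """Return one finding per ds:Reference: its digest hash vs. the signature hash."""
    findings = []
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        info = sig.find(DS + "SignedInfo")
        sig_hash = _algorithm(info, "SignatureMethod", SIGNATURES)
        for ref in (info.findall(DS + "Reference") if info is not None else []):
            digest = _algorithm(ref, "DigestMethod", DIGESTS)
            findings.append({"reference": ref.get("URI"), "signature_hash": sig_hash,
                             "digest_hash": digest, "weak_digest": digest == "SHA1",
                             "mismatch": digest != sig_hash})
    return findings

def _signed(ref, sig_uri, digest_uri):
    # Constructed ds:Signature skeleton (no key material or values), not LogonBox output.
    return (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_uri}"/>'
            f'<ds:Reference URI="#{ref}"><ds:DigestMethod Algorithm="{digest_uri}"/>'
            f'</ds:Reference></ds:SignedInfo></ds:Signature>')

SAMPLE = ('<Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
          + _signed("_old", MORE + "rsa-sha512", "http://www.w3.org/2000/09/xmldsig#sha1")
          + _signed("_new", MORE + "rsa-sha512", "http://www.w3.org/2001/04/xmlenc#sha512")
          + '</Response>')

if __name__ == "__main__":
    print(*audit_signatures(SAMPLE), sep="\n")
```

The check only reads the declared algorithms; it does not verify the signature itself.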

 

Password Expiry per-user events

Previously, once a 'password expiring' or 'password expired' daily job had completed, only a summary of the number of affected users was logged.

There is now an option inside the relevant message template called 'Generate event for users'.

When this option is turned on, an event will also be logged for each affected user.

This allows you to use the event as a trigger for further automation on the system, or simply makes it easier for an admin to see exactly which accounts were affected.

Upgrade Instructions

You can directly upgrade from the web UI or the operating system.

To upgrade from the web UI, log on to your admin account, navigate to Server Status from the main dashboard, and click Update. If you have Updates, Features & Licensing->Update Prompt turned on, you may also be prompted automatically upon login.

 

To upgrade from the operating system:

On Windows – download the new installer, run it, and follow the prompts.

On a LogonBox VM – from a shell, type in:

apt update
apt upgrade

 

If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:

https://docs.logonbox.com/app/manpage/en/article/6172513

Our support team will upgrade Cloud customers over the coming week.

 

Changes

Here is a summary of the changes in this release.

Features

  • Added support for SSL Certificates with RSA 3072-bit key algorithm.
  • Removed download links for deprecated browser password management extensions.
  • Updated Log4J to latest release.
  • Added SHA384 and SHA512 algorithm support to SAML Digest Method (uses the same setting as set in Sign Assertion Algorithm).
  • Added an option to Password Expired and Password Expiring message templates to allow logging of separate expired/expiry events per user (this allows options for linking with triggers).

Bugs

  • Removed the partial reconcile schedule expression from non-AD user directories (as this is only supported on AD).
  • Password expired emails are now correctly limited by the Maximum Expiry Emails Age option.
  • When editing a Role, the permissions list no longer goes blank after interacting with it.
  • Hazelcast update checks should no longer happen.
  • Email messages now work if the plain body is blank and only an HTML body exists.
  • Resolved an incompatibility where an AD password could have a maximum password age greater than the maximum age that can be stored in the database. Any password expiring after the year 2125 is now treated as never expiring.
  • SAML Digest Algorithm is now set to the same as the Sign Assertion algorithm, rather than hard-coded to SHA-1.
  • Fixed an error on password reset if Authentication Flows->Authentication Options->Password Reset->No Login is turned Off.
  • Upgraded the DB schema for older systems to correct the character set and collation on some DB tables.
  • On an LDAP User Directory, including an OU that contains only users now works as expected.
  • When creating a new realm, the wgx interface now starts automatically again.