Notakey Authentication Server
v4.2.14 (2022-08-01)
- Dependency maintenance updates
- Adds support for multiple redirect URIs per single OpenID Connect client
v4.2.6 (2022-06-01)
- Fix for API clients management UI
- Fix for QR test in service view, use auth profiles for this
v4.2.5 (2022-05-10)
- Add device report CSV export functionality
- Fix for automatic license renewal
v4.2.4 (2022-04-25)
- Security improvements for onboarding workflow
- Documentation update
v4.0.46 (2022-03-24)
- Ensure authentication request UUID matches signature payload
- Verify that signing device belongs to auth request approver
- jQuery JS library updates
v4.0.38 (2022-03-11)
- Fix bug with built-in administration service onboarding from remote user sources.
v4.0.37 (2022-01-31)
- Fix service save error in some instances
v4.0.36 (2022-01-19)
- Simplification of Prometheus metric initialization
- Update of application webserver Puma
- Fix Prometheus metrics in clustered mode (WEB_CONCURRENCY > 1)
- Fix regression in error message to user when user lookup fails in remote repository
v4.0.35 (2022-01-10)
- Library and framework update
- Improved authentication and onboarding activity history view
- Fix ActiveDirectory integration to enforce group membership on every authentication
- Add option to delete stale external users during user sync
- Add support for authentication with email address and password for SimpleCredentials onboarding requirement
- Optimized user lookup when multiple allowed realms are present
v4.0.32 (2021-12-10)
- Documentation update
v4.0.31 (2021-11-11)
- New CI build system integration
v4.0.16 (2021-11-06)
- Automated test improvements
v4.0.13 (2021-11-03)
- Fixes for Redis and Consul migration tasks
v4.0.12 (2021-10-29)
- Added application server instance configuration (WEB_CONCURRENCY)
- Optimized license seat accounting
v4.0.11 (2021-09-29)
- Added link to license self-service
- Added configurable limit for Consul KV connections (CONSUL_MAX_CONNECTIONS)
- Improved license renewal and subscription support
- Redis connection pool configuration (REDIS_CACHE_MAX_CONNECTIONS, REDIS_MAX_CONNECTIONS)
- Improved license renewal and subscription support
v4.0.10 (2021-08-24)
- Schema migration fixes
v4.0.9 (2021-08-18)
- Various operational metrics now available via stats-agent service
- Service domain configuration in admin UI
- Fixed issues with KV store migration in multinode clusters
v4.0.8 (2021-07-16)
- Redis persistence support
- Framework and integration library update
- Performance improvements for large datasets, fixes ussues with lots of users
- Pagination support on service user view
- Improved user search and display
- Option to disable simplified username lookup feature per service
- Migration to a new Key-Value schema version, migration occurs during first instance launch
v4.0.2 (2021-06-18)
- Redis persistence support
- Framework and integration library update
v3.2.2 (2021-06-16)
- Fix bug affecting LDAP user sources
v3.2.1 (2021-05-13)
- Active Directory integration improvements, support for AD user UAC flags
- Active Directory and LDAP user source server address failover support
- Support for Active Directory and LDAP user source server name TLS certificate match ignore
- Cluster status page showing cluster details
- Various OIDC IdP improvements: logout, session expiry control, auth factor configuration
v3.1.3 (2021-04-30)
- Active Directory integration improvements
- Cluster status page showing cluster details
v3.1.2 (2021-04-13)
- OpenID Connect service compatability improvements with .NET libraries
- Fix for signed payload verification containing multiple text lines
- Fixed regression in service configuration flag update
v3.1.1 (2021-03-02)
- OpenID Connect implicit authentication flow suppport for onboarding
- OpenID Connect onboarding requirement configuration form improvements
v3.1.0 (2020-12-28)
- Support for OpenID Connect Identity Provider
- Certificate generation improvements
- Support for key security requirement change
- Service publish state support
- Custom service ordering support in mobile client
- Onboarded device certificate inspection support
v2.24.0 (2020-10-29)
- API improvements
- Dependency update
- Fixed issue with log archiving when OpenID onboarding is enabled
v2.23.6 (2020-10-13)
- API authentication dependency update
- Improved client for load and integration tests
v2.23.5 (2020-09-01)
- Fix URL for public QR code display
- Fix URL for pre-approval time request
v2.23.4 (2020-09-01)
- Key value store relational model improvements
v2.23.3 (2020-08-12)
- Various Open ID Connect onboarding improvements
v2.23.2 (2020-07-22)
- Add API credential management to admin UI
- Add security team management to UI
v2.23.1 (2020-07-20)
- Add support for license automatic renewal after expiry
- Use onboarding link in first run wizard
v2.23.0 (2020-06-30)
- Support for automatic API endpoint registration
- Separated configurations for SERVICE_FQDN and AUTH_DOMAIN
- Fixed proxy issue with messenger client
v2.22.0 (2020-06-05)
- Redis global cache support
- Build system changes
- Tagged builds with build date and other VCS labels
- Added support for administration dashboard users to be authenticated against remote user sources
- Remote users cannot be disabled locally
- Removed misleading “Last update” from home view
v2.21.3 (2020-06-05)
- Build system changes
- Tagged builds with build date and other VCS labels
- Added support for administration dashboard users to be authenticated against remote user sources
- Remote users cannot be disabled locally
- Removed misleading “Last update” from home view
v2.21.2 (2020-06-04)
- Build system changes
- Tagged builds with build date and other VCS labels
- Added support for administration dashboard users to be authenticated against remote user sources
- Remote users cannot be disabled locally
- Removed misleading “Last update” from home view
v2.21.0 (2020-05-27)
- Improved caching strategy for all elements
- Fixed second factor requirement change to be immediate
v2.20.2 (2020-05-14)
- Add support for user groups / user tagging features
- Fixed bug with CSV user import when mixed user repositories are used (external and local)
- Application framework update
- Add sync feature for external service users
v2.19.5 (2020-05-13)
- Fix error during onboarding when onboarding request is missing (due to retention)
- Increase default thread count for application server
- Add application load statistics interface
v2.19.3 (2020-03-23)
- Added biometry check option when configuring authentication profile
- Fixed bug with auth request generation from auth profile
v2.19.2 (2020-02-10)
- Add optional custom filter for LDAP usersource engine
v2.19.1 (2020-02-07)
- Allow partial username instead of full UPN for approval time requests
v2.19.0 (2020-02-07)
- SMS codes now can be copied in both iOS and Android
- Support for view level access to services
- Global team configuration in managent UI
- Messenger service client improvements
- Configurable timeout for messenger client
- Visual improvements for time request and onboarding views
- Admin session inactivity timeout now configurable
- Rewrite for password change to allow changing password without root service access
- Base image update to latest alpine linux (maintenance lifecycle)
- Application framework update (maintenance lifecycle)
- Additional licence fields in NAS user report
- Approver policy now can have multiple approvers
- Fixed bug in user import from CSV
v2.18.1 (2020-01-27)
- SMS codes now can be copied in both iOS and Android
- Support for view level access to services
- Global team configuration in managent UI
- Messenger service client improvements
- Configurable timeout for messenger client
- Visual improvements for time request and onboarding views
- Admin session inactivity timeout now configurable
- Rewrite for password change to allow changing password without root service access
- Base image update to latest alpine linux (maintenance lifecycle)
- Application framework update (maintenance lifecycle)
- Additional licence fields in NAS user report
- Approver policy now can have multiple approvers
- Fixed bug in user import from CSV
v2.17.0 (2019-12-19)
- Show configured auth domain in setup wizard
- Require password confirmation for initial setup
- Documentation update
- Full CRUD operation on service users
- Simplified device and user discovery over API based on signature fingerprint
- Error notification in authentication profiles
- On error event callbacks in authentication profiles
- Auth request cancellation API method
v2.16.9 (2019-11-05)
- Added autentication profile functionality
v2.16.8 (2019-09-25)
- Fixed minor edge case where querying auth request returns HTTP status 500
v2.16.7 (2019-09-23)
- Admin access recovery from CLI
- Log archiving fixes
- Initial setup from CLI
v2.16.6 (2019-09-11)
- Added support for special biometric auth request category
v2.16.5 (2019-09-11)
- Bugfix for onboarding requirements configuration
v2.16.4 (2019-09-03)
- Biometry authentication support in API and management UI
- Visual improvements for onboarding and authentication flow views
v2.16.3 (2019-08-20)
- API worker mode bugfix
v2.16.0 (2019-08-16)
- LDAP user source improvements, realm validation and attribute mapping
- Application role configuration support (worker, management)
- Validate logo presence on new service creation
v2.15.1 (2019-06-19)
- Fix bug with missing version information
- Fix bundled API documentation formatting and add scope information for API calls
v2.15.0 (2019-06-18)
- Support for optional WhatsApp number verification instead of SMS
v2.14.14 (2019-06-17)
- Fix state sync bug when using multiple devices to approve auth requests
v2.14.13 (2019-06-07)
- Users page in each service now has a function to send generic notification or SMS to all onboarded users.
- API method to send generic notification or SMS to single user, requires urn:notakey:notify scope.
- Fixed bug where COUNTRY_PREFIX configuration option would be ignored during onboarding when user has mobile number in national format, without country prefix.
v2.14.12 (2019-05-20)
- CLI reporting functionality
v2.14.11 (2019-05-17)
- Do not allow invalid token publishing
- Shorten default API client ID
v2.14.10 (2019-04-15)
- Device telemetry support
- Visual improvements
v2.14.9 (2019-04-04)
- Support for relaxed device onboarding
- Max device limit can be specified globally per service
v2.14.8 (2019-03-26)
- Logrotate bugfix
v2.14.7 (2019-02-23)
- Fix send test notification
- Show formatted dates in user details
- Add user license detail panel
- Add some more attributes for application user display
- Disable attribute editing for external users
- Add none selected translation for approver policy
- Allow setting and unsetting approver without any warning messages
v2.14.6 (2019-02-20)
- Fix syslog configuration save bug
- Support for Active Directory TLS port configuration
v2.14.5 (2019-01-31)
Docker image: notakey/dashboard:2.14.5
- Fixes broken device discovery due to broken indexes
v2.14.4 (2019-01-28)
Docker image: notakey/dashboard:2.14.4
- Documentation fixes
- Data migration for index and sequences fixed
v2.14.3 (2018-12-10)
Docker image: notakey/dashboard:2.14.3
- Do not wait for push nofification processing
- Fix favicon
- QR code domain configuration support
- Callback URL bug fix
- Improved CSV support
- Documentation improvements
v2.14.2 (2018-11-06)
Docker image: notakey/dashboard:2.14.2
- M2M API fore encryption key registration
- Callback support in AuthRequests
- Service provider state param support in AuthRequests
- QR code optimisations
v2.14.1 (2018-10-26)
Docker image: notakey/dashboard:2.14.1
- M2M API authentication enhancements
- Support for user disable / enable from API and GUI
- Support for additional user management API calls
- Admin user management improvements
v2.13.5 (2018-08-03)
Docker image: notakey/dashboard:2.13.5
- Speed improvements for auth request generation
v2.13.4 (2018-07-24)
Docker image: notakey/dashboard:2.13.4
Bug fixes
- Improved audit log cleanup
- Compatability with old windows CP clients
v2.13.3 (2018-07-17)
Docker image: notakey/dashboard:2.13.3
Bug fixes
- Fixed audit logging for administration sessions
v2.14.0 (2018-07-12)
Docker image: notakey/dashboard:2.14.0
- M2M API authentication enhancements
- Support for user disable / enable from API and GUI
- Support for additional user management API calls
v2.13.2 (2018-07-12)
Docker image: notakey/dashboard:2.13.2
Bug fixes
- Fixed authentication requests using UPN
- Fixed indexing issue with application users
- Fixed healthcheck throwing app out of service due load increases
v2.13.1 (2018-01-04)
Docker image: notakey/dashboard:2.13.1
Bug fixes
- Fixed issue when ActiveDirectory GUID would not be properly decoded.
v2.13.0 (2017-11-13)
Docker image: notakey/dashboard:2.13.0
Features
- Can now see active licence count
- Improved logger output
Bug fixes
- Fixed cases when appliance incorrectly determined cluster having a leader.
v2.12.0 (2017-10-23)
Docker image: notakey/dashboard:2.12.0
Features
- Introducing Authentication Server application. This is a special type of application which has these characteristics:
- It is used for Notakey Authentication Server onboarding.
- Allows enforcing 2FA authentication for administrators.
- Allows NAS administrator management.
v2.11.0 (2017-10-17)
Docker image: notakey/dashboard:2.11.0
Features
- Added CORS support for our API.
- User device API endpoint now returns associated public key.
v2.10.0 (2017-10-13)
Docker image: notakey/dashboard:2.10.0
Features
- Onboarding and service pinning can now be performed using a QR code.
- Added confirmation dialogs on any destructive action, such as removing an application.
Tasks
- Updated Ruby and Ruby on Rails versions to mitigate newly discovered security vulnerabilities.
v2.9.0 (2017-09-29)
Docker image: notakey/dashboard:2.9.0
Features
- Added security level to application. This option determines wether a user needs PIN/Fingerprint on their devices or not.
- Added expiring appliance licence notifications
- Omitting health-check requests in logs, making them less verbose
v2.8.5 (2017-09-19)
Docker image: notakey/dashboard:2.8.5
Bug fixes
- Fixed auth request signature validation containing UTF-8 characters.
v2.8.4 (2017-09-04)
Docker image: notakey/dashboard:2.8.4
Bug fixes
- Fixed race condition when rendering side navigation from multiple threads.
v2.8.3 (2017-08-30)
Docker image: notakey/dashboard:2.8.3
Bug fixes
- Fixed “Users pending manual approval” being hidden for non-root users.
v2.8.2 (2017-08-16)
Docker image: notakey/dashboard:2.8.2
Bug fixes
- Fixed signature validation when missing application logos
- Fixed permission issue when viewing created user sources
v2.8.1 (2017-07-20)
Docker image: notakey/dashboard:2.8.1
New Features
- Added application user table sorting and filtering
Bug fixes
- Fix time zone configuration.
v2.8.0 (2017-07-14)
Docker image: notakey/dashboard:2.8.0
There are cases when access to a particular system should not be granted permanently or independently. Multi-user approval provides a solution by allowing to configure an approver for an employee.
New Features
Introducing two new policies regarding multi-user approval: - Immediate approval - each request to an application must be immediately approved by manager (approver). - Pre-approval - user requests access to an application for a specified period of time.
v2.7.1 (2017-06-07)
Docker image: notakey/dashboard:2.7.1
Bug fixes
- Fixed missing navigation icons and favicon.
v2.7.0 (2017-06-06)
Docker image: notakey/dashboard:2.7.0
New Features
- Added a new health check parameter to ensure node is operational.
- Now when user changes password, old password must be entered for confirmation.
Misc. Improvements
- Improve frontend in offline mode by removing assets stored in remote CDN’s.
v2.6.0 (2017-05-29)
Notakey now supports user onboarding through LDAP user source.
Docker image: notakey/dashboard:2.6.0
New Features
- Added an option to specify LDAP as a user source.
v2.5.0 (2017-05-22)
Notakey appliance supports HTTP proxy
Docker image: notakey/dashboard:2.5.0
New Features
- Administrators can now set HTTP proxy settings.
- System uses default port for rsyslog endpoint.
v2.4.0 (2017-05-10)
Notakey appliance now supports Openid Connect onboarding
Docker image: notakey/dashboard:2.4.0
New Features
- Users can now be onboarded using Openid Connect.
v2.3.0 (2017-05-03)
Extending Rsyslog functionality
Docker image: notakey/dashboard:2.3.0
New Features
- Administrator can now set appropriate facility for rsyslog endpoint.
v2.2.0 (2017-05-02)
Introducing Remote syslog integration.
Docker image: notakey/dashboard:2.2.0
New Features
- Administrator can now set Rsyslog endpoint to receive real-time audit events.
v2.1.0 (2017-04-25)
We are pleased to announce a multi-node deployment focused version of the Notakey Authentication Server.
Docker image: notakey/dashboard:2.1.0
New Features
- if a multi-node cluster is in a read-only state, then authentication requests can now be created in-memory (on the specific node, which received the API request)
- administrators can now change their passwords via the web-based user-interface (in the user profile section)
Misc. Improvements
- usernames are no longer case-sensitive
- reduced system boot time by a factor of 10
Bug Fixes
- fixed a bug where application logos would not be rendered
- the healtcheck endpoint would not work at all, if a multi-node cluster was in a read-only mode
- when sending
POST
requests to/api/v2/auth_request
, thettl_seconds
parameter would not be parsed properly, and cause an error
v2.0.22 (2017-04-06)
v2.0.21 -> v2.0.22 (2017-03-29)
- Allow authentication when consul cluster is in read-only mode.
v2.0.21 (2017-03-16)
2.0.21
- added session timeout for dashboard admin users (the session will time out after 10 minutes of inactivity)
- internal: rails framework update to 5.0.2
- bugfix: side navigation was cached based on URL, and sometimes displayed incorrect application list
- ui: removed performance counter from the top-left corner of each page
- bugfix: onboarding requirements were incorrectly serialized in a few corner cases
v2.0.20 (2017-03-06)
v2.0.19 -> v2.0.20 (2017-03-06)
- Implement TTL for AuthFlow and OnboardingFlow
v2.0.19 (2017-03-02)
v2.0.18 -> v2.0.19 (2017-03-02)
- Dashboard now displays Onboarding and Authorization activities under every Application.
- Added ability to reset onboarding process from “Onboarding activities”
v2.0.18 (2017-02-21)
v2.0.17 -> v2.0.18 (2017-02-21)
- Clear onboarding request on failed user device creation.
v2.0.17 (2017-02-16)
v2.0.16 -> v2.0.17 (2017-02-16)
- Fix SMS onboarding workflow
v2.0.16 (2017-02-16)
v2.0.15 -> v2.0.16 (2017-02-16)
- Enable SMS onboarding in production
v2.0.15 (2017-02-16)
v2.0.14 -> v2.0.15 (2017-02-16)
- Fixed test notification from user’s dashboard
v2.0.14 (2017-02-15)
v2.0.13 -> v2.0.14 (2017-02-15)
- Added ability to edit application user attributes
v2.0.13 (2017-02-14)
v2.0.12 -> v2.0.13 (2017-02-14)
- Fixed an issue when max user device validation would fail when saving single device.
v2.0.12 (2017-02-14)
v2.0.11 -> v2.0.12 (2017-02-14)
- Fixed onboarding device list removal button styling issue
v2.0.11 (2017-02-14)
v2.0.10 -> v2.0.11 (2017-02-14)
- Added ability to remove onboarded devices from “Application User” view.
v2.0.10 (2017-02-13)
v2.0.9 -> v2.0.10 (2017-02-13)
- Implemented SMS onboarding
- Validates user’s phone number and adds missing country code
v2.0.9 (2017-02-08)
v2.0.8 -> v2.0.9 (2017-02-08)
- Application user can now be found regardless of username’s case
- Improved branding logo quality
- Solved an issue when dashboard’s API incorrectly tried to validate an expired authentication request
- Implemented SMS onboarding
- Validates user’s phone number and adds missing country code
- Send SMS using messenger service
- Can set allowed number of devices for each user