On-Prem SSO integration service
Released on Feb 12, 2025
N/A
KSC-433: XSS in SAML auth
KSC-392: Support Java 17 LTS on Windows Server
KSC-426: RSA PKCS1, version 1.5 Deprecated
Released on December 19, 2023
Released on April 10, 2023
KSC-411: Additional SAML destination URL added for Android support. This value is used when an On-Prem SSO user changes their PBKDF2 iteration levels.
KSC-395: The template "API error: XXX" needs to be translated and replaced with an appropriate error message. This occurs when SSO Connect cannot contact the Keeper backend API.
KSC-387: Two-Factor Authentication with a TOTP method states "code send via text message" which is an invalid string.
KSC-415: Improve security of SAML XML parsing, as flagged by CodeQL
KSC-412: Expand the list of Identity Providers in the UI
Released on Jan 6, 2023
SSO Connect (On-Prem) Version 16.0.6 contains several security updates that are recommended for all customers.
Affected JIRA Tickets:
KSC-408: Removal of Apache Commons libraries (Note: commons library was not in use, but the library has been removed from the package).
KSC-397: Security fix from NCC Group pen test
KSC-404: Alignment of encryption libraries between On-Prem and Cloud SSO platforms
Released Jan 6, 2022
SSO Connect (On-Prem) Version 16.0.4 contains a security update that is recommended for all customers. This release upgrades SSO Connect Log4j to version 2.17.1.
Released on Dec 16, 2021
SSO Connect (On-Prem) Version 16.0.3 contains a security update that is recommended for all customers.
Released on December 10, 2021
SSO Connect (On-Prem) Version 16.0.2 contains a security update that is recommended for all customers.
Please contact Keeper Enterprise support if you require assistance with the upgrade.
Released on Nov 29, 2021
SSO Connect (On-Prem) Version 16.0.1 contains a security update that is recommended for all customers.
Released on Aug 23, 2021
SSO Connect (On-Prem) Version 16.0.0 is a general update that is recommended for all customers. In particular, this updates all libraries and dependencies within the software to the latest stable versions.
Released on May 23, 2021
Released on April 2, 2021
Unable to upload a new SSL certificate
Security updates
Support for Australia (AU) region
Please follow the upgrade guide for updating the Keeper SSO Connect software: https://docs.keeper.io/sso-connect-guide/upgrading-sso-connect
Most issues can be resolved quickly by following the step by step guide.
Released March 15, 2021
KSC-359: Duo 2FA fails on SSO Connect Admin Console
KSC-360: Web socket push connections fail
KSC-361: Unable to upgrade Windows via the msi installer
Please follow the upgrade guide for updating the Keeper SSO Connect software: https://docs.keeper.io/sso-connect-guide/upgrading-sso-connect
Released March 10, 2021
Login V3 General Availability (GA) More information available here: https://docs.keeper.io/enterprise-guide/login-api-v3
Protection against sync issues between user devices and SSO Connect server, due to a user being deleted or the SSO Connect server losing websocket connectivity.
KSC-350: Sync issues occurring on the SSO Server
KSC-349: An error message should be generated when unable to add JIT user to SSO Connect node
KSC-335: Updated 3rd party libraries by either removal or update to latest versions.
KSC-358: Updated Jetty version (CVE-2020-27218)
KSC-352: Ensure all Data and Folders are deleted upon SSO Connect uninstallation
Please follow the upgrade guide for updating the Keeper SSO Connect software: https://docs.keeper.io/sso-connect-guide/upgrading-sso-connect
Released March 23, 2020
SSO Connect provides a flow where the login token is returned with the HTTP 301 redirect response.
Fixed: "New password" field is not appearing when the client sends new password action to SSO Connect.
Fixed: The JIT flag is cleared after entering into Configuration and Saving.
Fixed: NPE received in Configurator when certificate file can't be read during SKS initialization.
Released on January 3, 2020
Support for TLS 1.3
Support for Amazon AWS CloudHSM v2
New "SAML Debug" screen which displays all recent SAML request/response history for troubleshooting purposes.
Improved messaging when using a 2FA method such as Google Authenticator
Improved debug logging
Additional information regarding HSM is displayed on UI of Admin Panel
Better handling of service startup when network connection has not been established on the instance
Improved handling of AD FS logout to remove error messages in logfile
Messaging to notify users when incompatible Java versions are found
Released on December 5, 2019
We have released an update for Keeper SSO Connect, with new security and performance improvements. Please download and update your Keeper SSO Connect to version 14.1.3 by following these steps:
Released on August 22, 2019
Just-in-time provisioning ("invite_new_users" property) is now in shared.properties rather than instance.properties. The old setting may remain in instance.properties; it will be ignored.
User is now notified in the SSO Connect interface if the SSL certificate is expired or expiring soon. Modified the backend API properties handler to send two new properties: ssl_expires_soon and idp_cert_expires_soon. If true, the UI will turn the appropriate date red on the screen to inform the admin that they need to update the certificate.
Fixed: UI issue related to ECC signed certificates
Fixed: Error if "key_type" parameter missing from config file
Fixed: Replaced old Keeper logos with new logo files
Fixed: When the user is on the Configuration page and presses "Save", it is possible to get an Alert box in the browser that simply says, "undefined".
Released on July 19, 2019
UI improvement on the SSO Connect admin panel
UI improvement on the installer
Improved Safari browser support
Additional error handling from the identity provider.
Now interprets 23 possible StatusCode responses from the IDP, plus the cases of an unknown StatusCode and a missing StatusCode. Any errors are propagated to the Keeper client in the values of the ‘result_code’ and ‘message’ properties which are displayed to the user.
Released on May 9, 2019
SSO Connect now has a new configuration parameter: key_type. The value can be “rsa” or “ec” (case-insensitive). This is a shared property so it is stored in the data/shared.properties file.
It is also synchronized with KeeperApp and shared with other instances.
We also removed the “key password” dialog box on the Configuration page when the SSL certificate file is in .pfx format. The library we are using assumes that if the file has both a “key store password” and a “key password”, they are the same. So we shouldn’t allow the user to enter a different “key password”.
Package Keeper SSO Connect as .msi installer
The SAML IDP Metadata standard says that the metadata must contain one SingleSignOn binding, either POST or REDIRECT. Keeper SSO Connect is requiring Redirect. Changed the validator to accept either POST or REDIRECT.
Support for password-protected .pfx certificate files
Released on March 4, 2019. This is a major release update that provides Gemalto HSM integration for on-premise and cloud-based secure key storage.
Support for Gemalto Luna HSM modules for enhanced key protection
Improved README and online documentation
Improved reliability and stability
Admin Console login issues with IE and Edge browsers are resolved
Switched from Google protobuf to protobuf.js library
Version 14.0.0: Support for Gemalto HSM key storage, support for latest Keeper Backend API encryption updates.
Released on January 23, 2019.
Over 20 bug fixes and improvements to the Keeper SSO Connect application service.
Ability to add additional SAML debugging logging
Show IDP errors in the UI console in addition to log file
Update the user prompts during the config process
CLI auto-switches between US and EU regions
Improvements to OKTA integration
Removed information disclosure related to the internal HTTP server version
Removed external Javascript content downloads
User not logged out from IdP (Okta) on Keeper Logout
Malformed request on Okta IdP logout
UI string fixes
CLI switching between US and EU regions
Port 443 explicitly configured on the UI not compatible with Okta
Inconsistent "ping" status response in HA environments
Support <EntitiesDescriptor> at the top level of SAML metadata file
OneLogin IdP login failures
Full support of SAML data compression according to SAML 2.0 specification
Disable client-initiated renegotiation
Version 14.0.0: Support for Gemalto HSM key storage, support for latest Keeper Backend API encryption updates.