Please click on the navigation to the left in order to read each release note.

バグ修正

ありません

セキュリティアップデート

• KSC-433: SAML認証におけるXSSの修正

その他の向上点

• KSC-392: Windows ServerでのJava 17 LTSのサポートを追加

• KSC-426: RSA PKCS1 バージョン1.5の非推奨化

バグ修正

ありません

セキュリティについてのアップデート

• KSC-423: Crypto-js CVE-2023-46233のセキュリティの脆弱性

その他の向上点

• KSC-419: vault/previewを有効な宛先として追加

• KSC-421: key=parameter形式のECCキーに対応

• KSC-422: SSO成功/エラー画面の色とスピナーを変更

バグ修正

• KSC-411: Androidサポート用に追加のSAML宛先URLが追加しました。この値は、オンプレミス SSOユーザーがPBKDF2反復レベルを変更する際にに使用されます。

• KSC-395: 「API error: XXX」というエラーメッセージが表示される不具合を修正。

• KSC-387: TOTP方式による2要素認証で「コードはテキストメッセージで送信されます」という間違ったメッセージが表示される不具合を修正。

セキュリティのアップデート

• KSC-415: CodeQLに指摘されたSAMLのXML解析のセキュリティを向上

その他の向上点

• KSC-412: UIでIDプロバイダの一覧を拡充

SSO Connect (On-Prem) Version 16.0.4 contains a security update that is recommended for all customers. This release upgrades SSO Connect Log4j to version 2.17.1.

SSO Connect (On-Prem) Version 16.0.3 contains a security update that is recommended for all customers.

SSO Connect (On-Prem) Version 16.0.2 contains a security update that is recommended for all customers.

Please contact Keeper Enterprise support if you require assistance with the upgrade.

SSO Connect (On-Prem) Version 16.0.1 contains a security update that is recommended for all customers.

SSO Connect (On-Prem) Version 16.0.0 is a general update that is recommended for all customers. In particular, this updates all libraries and dependencies within the software to the latest stable versions.

Bug Fixes

• KSC-367: HSM initial startup can lead to unintentional Service Start

• KSC-368: Logout from SSO configuration web page does not logout from SSO IdP

Bug Fixes

• Unable to upload a new SSL certificate

• Security updates

Improvements

• Support for Australia (AU) region

Upgrade Process

Please follow the upgrade guide for updating the Keeper SSO Connect software: https://docs.keeper.io/sso-connect-guide/upgrading-sso-connect

Most issues can be resolved quickly by following the step by step guide.

Bug Fixes

• KSC-359: Duo 2FA fails on SSO Connect Admin Console

• KSC-360: Web socket push connections fail

• KSC-361: Unable to upgrade Windows via the msi installer

Please follow the upgrade guide for updating the Keeper SSO Connect software: https://docs.keeper.io/sso-connect-guide/upgrading-sso-connect

Improvements

• Login V3 General Availability (GA) More information available here: https://docs.keeper.io/enterprise-guide/login-api-v3

• Protection against sync issues between user devices and SSO Connect server, due to a user being deleted or the SSO Connect server losing websocket connectivity.

Bug Fixes

• KSC-350: Sync issues occurring on the SSO Server

• KSC-349: An error message should be generated when unable to add JIT user to SSO Connect node

• KSC-335: Updated 3rd party libraries by either removal or update to latest versions.

• KSC-358: Updated Jetty version (CVE-2020-27218)

• KSC-352: Ensure all Data and Folders are deleted upon SSO Connect uninstallation

Upgrading

Please follow the upgrade guide for updating the Keeper SSO Connect software: https://docs.keeper.io/sso-connect-guide/upgrading-sso-connect

Enhancements & Benefits

• SSO Connect provides a flow where the login token is returned with the HTTP 301 redirect response.

Bug Fixes

• Fixed: "New password" field is not appearing when the client sends new password action to SSO Connect.

• Fixed: The JIT flag is cleared after entering into Configuration and Saving.

• Fixed: NPE received in Configurator when certificate file can't be read during SKS initialization.

Features & Benefits

• Support for TLS 1.3

• Support for Amazon AWS CloudHSM v2

• New "SAML Debug" screen which displays all recent SAML request/response history for troubleshooting purposes.

• Improved messaging when using a 2FA method such as Google Authenticator

• Improved debug logging

• Additional information regarding HSM is displayed on UI of Admin Panel

• Better handling of service startup when network connection has not been established on the instance

• Improved handling of AD FS logout to remove error messages in logfile

• Messaging to notify users when incompatible Java versions are found

We have released an update for Keeper SSO Connect, with new security and performance improvements. Please download and update your Keeper SSO Connect to version 14.1.3 by following these steps:

Upgrading SSO ConnectSSO Connect Guide

Features & Benefits

• Just-in-time provisioning ("invite_new_users" property) is now in shared.properties rather than instance.properties. The old setting may remain in instance.properties; it will be ignored.

• User is now notified in the SSO Connect interface if the SSL certificate is expired or expiring soon. Modified the backend API properties handler to send two new properties: ssl_expires_soon and idp_cert_expires_soon. If true, the UI will turn the appropriate date red on the screen to inform the admin that they need to update the certificate.

• Modified the “Entity ID” display to filter out :443 if the port is 443. The HTML element is “sp_entity_value”.

Bug Fixes & Security Updates

• Fixed: UI issue related to ECC signed certificates

• Fixed: Error if "key_type" parameter missing from config file

• Fixed: Replaced old Keeper logos with new logo files

• Fixed: When the user is on the Configuration page and presses "Save", it is possible to get an Alert box in the browser that simply says, "undefined".

Features & Benefits

• UI improvement on the SSO Connect admin panel

• UI improvement on the installer

• Improved Safari browser support

• Additional error handling from the identity provider.

  Now interprets 23 possible StatusCode responses from the IDP, plus the cases of an unknown StatusCode and a missing StatusCode. Any errors are propagated to the Keeper client in the values of the ‘result_code’ and ‘message’ properties which are displayed to the user.

Features & Benefits

• SSO Connect now has a new configuration parameter: key_type. The value can be “rsa” or “ec” (case-insensitive). This is a shared property so it is stored in the data/shared.properties file.

  It is also synchronized with KeeperApp and shared with other instances.

  We also removed the “key password” dialog box on the Configuration page when the SSL certificate file is in .pfx format. The library we are using assumes that if the file has both a “key store password” and a “key password”, they are the same. So we shouldn’t allow the user to enter a different “key password”.

• Package Keeper SSO Connect as .msi installer

• The SAML IDP Metadata standard says that the metadata must contain one SingleSignOn binding, either POST or REDIRECT. Keeper SSO Connect is requiring Redirect. Changed the validator to accept either POST or REDIRECT.

• Support for password-protected .pfx certificate files

Enhancements & Benefits

• Support for Gemalto Luna HSM modules for enhanced key protection

• Improved README and online documentation

• Improved reliability and stability

Bug Fixes

• ​Admin Console login issues with IE and Edge browsers are resolved

• Switched from Google protobuf to protobuf.js library

Coming Soon

• ​Version 14.0.0: Support for Gemalto HSM key storage, support for latest Keeper Backend API encryption updates.

Enhancements & Benefits

• Over 20 bug fixes and improvements to the Keeper SSO Connect application service.

• Ability to add additional SAML debugging logging

• Show IDP errors in the UI console in addition to log file

• Update the user prompts during the config process

• CLI auto-switches between US and EU regions

• Improvements to OKTA integration

• Removed information disclosure related to the internal HTTP server version

• Removed external Javascript content downloads

Bug Fixes

• ​User not logged out from IdP (Okta) on Keeper Logout

• Malformed request on Okta IdP logout

• UI string fixes

• CLI switching between US and EU regions

• Port 443 explicitly configured on the UI not compatible with Okta

• Inconsistent "ping" status response in HA environments

• Support <EntitiesDescriptor> at the top level of SAML metadata file

• OneLogin IdP login failures

• Full support of SAML data compression according to SAML 2.0 specification

• Disable client-initiated renegotiation

Coming Soon

• ​Version 14.0.0: Support for Gemalto HSM key storage, support for latest Keeper Backend API encryption updates.