Release Notes

Release 4.9.6.1

Improvements

  • Added three new options to the FIDO menu (Admin Portal > Methods > FIDO > New PIN Policy) as below:

    • Allow administrators to define the number of incorrect attempts until a PIN is blocked

    • Number of PINs kept in history to require PIN uniqueness upon PIN change

    • PIN expiration requires a user to reset an expired PIN

  • The Admins Portal and SSP now support international numbers

Fixes

  • RIMFA client authentication methods now follow OTP PIN policy fail limits (the attempts are user-configurable values, and the user can pick from Select box and Save.

  • Fixed an enrollment issue of Contactless cards in the case of a bad read

  • Fixed Admin Portal link failing issues when using from SSP

  • When installing the 4.9.6.1 Server, the "Need Help? Click here for installation Guide" button now forwards users to the RapidIdentity MFA Install Guide page

Prerequisites

  • Noted a C++ Redistributable for Visual Studo 2015, 2017, and 2019

    Note

    This is not included in the RapidIdentity MFA installation process, and if it does not exist on the server, it must be downloaded from Microsoft and installed for full functionality.

  • To check if this dependency is installed, open the Control Panel and go to Control Panel\Programs\Programs and Features. Search for Microsoft Visual C++ 2015-2019 Redistributable (x64)

Known Issues & Workarounds

  • FIDO PIN expiration policy for SSDP is not working

  • There is no UI/page on MFA-Portal to set up failed PIN attempts for the PingMe authentication method separately so that the OTP PIN policy can be used for now

  • Unable to install previous versions after uninstalling 4.9.5.1 on NPS/Radius-enabled MFA Servers. Workaround for a known issue regarding downgrading from 4.9.6.1 to an older version of MFA Server on Radius-enabled server only:

    • Uninstall 4.9.6.1

    • Stop IIS and remove the 4.9.6.1 installed directory (C:\Program Files\Identity Automation). Start the IIS again

    • Install the previous version (e.g., 4.9.4.6)

    • In IIS, navigate to SERVERNAME > Sites > API. Click on Advanced Settings and update the Physical Path to C:\Program Files\2FA\ONE Server\api. Click OK.

    • Navigate to ONE and click on Advanced Settings. Update the Physical Path to C:\Program Files\2FA\ONE Server\website and click OK

    • Navigate to oneService and click on Advanced Settings. Update the Physical Path to C:\ProgramFiles\2FA\ONE Server\servicesite and click OK

    • Navigate to REstServices and click on Advanced Settings. Update the Physical Path to C:\Program Files\2FA\ONE Server\restservices and click OK

    • Restart the IIS

  • Unable to access admin portal after a clean installation. Workaround for an issue preventing users from accessing Portal:

    • After doing a clean installation of 4.9.6.1 Server and the database tables are successfully built, update the URL with https:// for the following webconfig files in order to access the Admin Portal:

      • Restservice (e.g., https://ServerURL/oneService/SyncService.asmx)

        RestService.png
      • ServiceSite (e.g., https://ServerURL/one/SMSService.svc)

        ServiceSite.png
      • Website (e.g., https://ServerURL/oneService/ManagerService.asmx)

        Website.png
      • API (e.g., https://ServerURL/one/SMSService.svc)

        API.png
  • Preventing users from accessing Portal. Workaround for a known issue after the installation of 4.9.6.1:

    • For Radius-enabled server only -- after doing a clean installation of 4.9.6.1 Server:

      • Open regedit and expand to the path HKEY_LOCAL_MACHINE\SOFTWARE\2FA Technology\ONE Server\Radius\[PolicyName]

      • Verify that the key InstallPath exists at the above path, and if it does not, create it as a string type

      • Set value of this InstallPath key as the Install Directory path of MFA Server (e.g., C:\Program Files\Identity Automation\RapidIdentity MFA)

      • Expand to the path HKEY_LOCAL_MACHINE\SOFTWARE\Identity Automation\RapidIdentity MFA

      • Select the InstallPath key from the list and double-click to edit the key. A popup will appear, and in the Value Data field, remove "\" from the end of the string if it exists and click OK. (e.g., Update C:\Program Files\Identity Automation\RapidIdentity MFA\ to C:\Program Files\Identity Automation\RapidIdentity MFA)

      • Location of ExtensionDLLs location for NPS extension:

        Note

        Change ExtensionDLLs value to C:\Program Files\2FA Technology\ONE Server\radius\2fanps.dll

        AuthServer.png
        Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AuthSrv\Param
    • For Non-Radius-enabled server only -- after doing a clean installation of the .9.6.1 Server:

      • Open regedit and expand to the path HKEY_LOCAL_MACHINE\SOFTWARE\Identity Automation\RapidIdentity MFA

      • Select the InstallPath key from the list and double-click to edit the key. A popup will appear, and in the Value Data field, remove "\" from the end of the string if it exists and click OK. (e.g., Update C:\Program Files\Identity Automation\RapidIdentity MFA\ to C:\Program Files\Identity Automation\RapidIdentity MFA)

  • Ended with premature installation error issue for upgrading to 4.9.6.1 from 4.9.4.4 and 4.9.4.5. Workaround as follows:

    • Before upgrading from 4.9.4.4 or 4.9.4.5 to 4.9.6.1, the MFA administrator will need to find and register the Two.FA.CM.Configuration.dll file under MFA Server Installation Directory (e.g., C:\Program Files\2FA\ONE Server)

    • The administrator will then execute gacutil -i [MFA Server Installation Path]\TwoFA.CM.Configuration.dll command in CMD as shown below

      gacutil.png
    • Run upgrade from 4.9.4.4 or 4.9.4.5 to 4.9.6.1