Skip to content

Releases: MultifactorLab/multifactor-radius-adapter

2.1.18

09 Oct 07:34
@MultifactorLab MultifactorLab
2.1.18
2f34592
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.1.18 Latest
Latest

Release 09.10.2024 | Nested groups search

New

  • Support msRADIUSFramedIPAddress attribute for return using RadiusReply.
  • Forced multifactor api timeout. Use the following syntax: value=hh:mm:ss! to set the timeout less than the minimum recommended.
  • A new appSetting configuration section. Now you can specify the containers in which to search for nested groups: 
     <add  key="nested-groups-base-dn" value="CN=Users,DC=domain,DC=your;OU=Admins,DC=domain,DC=your"/>

Bugfixes

  • Fixed: Incorrect behavior of conditional return of attribute value when using RadiusReply.
Assets 3
Loading

2.1.16

30 Aug 15:12
@MultifactorLab MultifactorLab
2.1.16
951ccea
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.1.16

Release 30.08.2024 | Config adjustment

Bugfixes

  1. API URL was adjusted in the config file
Assets 3
Loading

2.1.14

23 Aug 07:44
@MultifactorLab MultifactorLab
2.1.14
d38ac99
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.1.14

Release 23.08.2024 | UserNameTransformRules extended and bugfixes

Bugfixes

  • Username Transformation Rules works properly with every fist factor source, for example with a RADIUS server in RADIUS mode.

New

  • Added extended name transformation section to transform an identity before first factor and before second separately.
    Note, the section UserNameTransformRules should be registered in a configSections section of a client config: 
    <configSections>
  <section name="UserNameTransformRules" type="MultiFactor.Radius.Adapter.UserNameTransformRulesSection, multifactor-radius-adapter" />
</configSections>
    Example of a UserNameTransformRules settings: 
    <UserNameTransformRules>
  <BeforeFirstFactor>
     <add match="d.jones" replace="j.doves" />
   </BeforeFirstFactor>
   <BeforeSecondFactor>
      <add match="d.jones" replace="j.doves" />
   </BeforeSecondFactor>
</UserNameTransformRules>
Assets 3
Loading

2.1.12

29 Jul 08:08
@MultifactorLab MultifactorLab
2.1.12
a720ac5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.1.12 
Update README.md
Assets 3
Loading

2.1.10

29 Jul 08:04
@MultifactorLab MultifactorLab
2.1.10
4e10368
Compare
Choose a tag to compare
2.1.10

Release 29.07.2024 | Environment Variables

The Adapter now supports environment variables: you can setup adapter via setting the OS environment variables.
This approach has a number of advantages:

  • independence from configuration files: solves the problem of possible overwriting of files;
  • easier containerization: just set a set of environment variables inside the container;
  • increased security: sensitive data can be transferred via variables without using the file system.

To set variable correctly you should use RAD prefix for variable names.
You can find more information and examples in README.

Assets 3
Loading

2.1.8

01 Jul 11:55
@MultifactorLab MultifactorLab
2.1.8
4b2fec8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.1.8

Release 01.07.2024 | FreeIPA bind on a RADIUS auth source

Bugfixes

  • Fixed: Bind Identity Formatters works properly with FreeIPA when an auth source of RADIUS type.
Assets 3
Loading

2.1.6

07 May 14:33
@MultifactorLab MultifactorLab
2.1.6
e759e4b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.1.6

Release 07.05.2024 | Extra Attribute

Fixed:

  • The Adapter was added Message-Authenticator attribute to response in some cases
Assets 3
Loading

2.1.1

22 Apr 10:57
@MultifactorLab MultifactorLab
2.1.1
be1ccbb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.1.1

Release 22.04.2024

Cyrillic Passwords

The Adapter now supports Cyrillic passwords (any non-ASCII symbols, in general).

⚠️ Warning
Note: Make sure that the correct symlinks exist for the libldap.so.2 and liblber.so .2.
Learn more

Assets 3
Loading

2.0.73

19 Apr 11:36
@MultifactorLab MultifactorLab
2.0.73
c8c8439
Compare
Choose a tag to compare
2.0.73

Release 19.04.2024 | 2FA Pre Auth

The Adapter now supports new mode: Second Factor Authentication before First Factor Authentication.
If this mode is enabled, the user will have to confirm the second factor before he can proceed to confirm the first (login/password).
All current features such as BYPASS and INLINE ENROLLMENT are available in the new mode as well.

Note: The Second Factor Authentication before First Factor Authentication mode is not available for Winlogon and RDGW resources.

All available methods - push, telegram, otp - specifies the preferred method for the current user during the authentication session on the Multifactor Cloud side. This means that the specified method will be preferred. But if this method is not available, the next one will be used according to priority.

In otp mode, the user must enter the OTP code in the User-Password attribute along with the password. If no password is required, the user only needs to enter the OTP code.
Examples of User-Password attribute content:

  • password + otp: mypassword123456
  • otp only: 123456

Configuration

You can activate this mode by adding the following option to the client config:
<add key="pre-authentication-method" value="METHOD"/>
Allowed METHOD values: none (by default), push, telegram, otp.

If the mode is enabled (push, telegram, otp) it is necessary to add invalid credential delay settings in root or client level config:
<add key="invalid-credential-delay" value="DELAY"/>
The minimal value of DELAY must be 2.

Note: The Invalid Credential Delay feature can now be enabled in both root and client configurations. At the same time the delay setting specified in the root config will be overridden by the client level setting.

Configuration examples

<!-- feature disabled -->
<add key="pre-authentication-method" value="none"/>
<add key="invalid-credential-delay" value="0"/>

<!-- push -->
<add key="pre-authentication-method" value="push"/>
<add key="invalid-credential-delay" value="2"/>

<!-- telegram -->
<add key="pre-authentication-method" value="telegram"/>
<add key="invalid-credential-delay" value="3-5"/>

<!-- otp -->
<add key="pre-authentication-method" value="otp"/>
<add key="invalid-credential-delay" value="4"/>
Assets 3
Loading

2.0.70

26 Mar 14:38
@MultifactorLab MultifactorLab
2.0.70
1844623
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.0.70

Release 26.03.2024 | Ldap Attribute Pattern Matching Fix

Bugfixes

  1. Fix type mismatch on a custom ldap attribute retrieving operation.
  2. Enable console log in case of a startup-fail error.
Assets 3
Loading