1.0.151

Release 19.06.2023 | Sufficient Modifier

New

• New sufficient property in the optional RADIUS atribute definition:
  <add name="Class" value="value" when="condition" sufficient="true" />.
  Allowed values: true, false (by default).

How it works

If the attribute matches the conditions, it is added to the RADIUS packet. If the attribute also has the sufficient=true property, the adapter stops evaluating the optional attribute stack. The sufficient property only takes effect if the attribute passes the conditions check.

The example shows a case in which Custom-Attr attribute will not be added to the response:

<RadiusReply>
    <Attributes>
      <add name="Class" value="VPN-GP"/>
      <add name="Class" value="VPN-G2P" when="true statement" sufficient="true" />
      <add name="Custom-Attr" value="Attr" when="true statement"/>
    </Attributes>
</RadiusReply>

1.0.148

Release 02.06.2023 | No Response In the Proxy Mode

New

• New adapter behavior in the following scenario:

  • the first-factor-authentication-source is Radius;
  • the nps-server-endpoint is specified;
  • NPS did not return a response.

  In this case, the adapter will not return a response.
  Old behavior: Adapter returned an Access-Reject response.

1.0.134

Release 30.03.2023 | Partial Privacy Mode

New

• New syntax for the privacy-mode setting. Now you can use Partial privacy mode:
  <add key="privacy-mode" value="Partial:FIELD_NAME" />
  In Partial mode, the adapter sends only the specified fields to the API.

  The FIELD_NAME value can be one of: Name, Email, Phone, RemoteHost:
  <add key="privacy-mode" value="Partial:Email" />
<add key="privacy-mode" value="Partial:RemoteHost" />

  You can also specify multiple fields by separating them with commas:
  <add key="privacy-mode" value="Partial:RemoteHost,Name,Phone" />

  If you have not specified any field, the adapter will work in the Full mode.

  Standard modes are also available:
  None (by default) - in this mode, the adapter sends all data to the API.
  Full - in this mode, the adapter sends only Identity field.

1.0.131

Release 27.03.2023 | Custom Attributes

New

• AuthenticatorId value in the AccessAccepted log event.
• Custom CallingStationId source attribute. To tell the adapter to take the Calling-Station-Id value from another attribute. add the following parameter in the client config:
  <add key="calling-station-id-attribute" value="Custom-Attr" />
• PaloAlto vendor attributes support:
  - PaloAlto-Admin-Role
  - PaloAlto-Access-Domain
  - PaloAlto-Panorama-Admin-Role
  - PaloAlto-Access-Domain
  - PaloAlto-User-Group
  - PaloAlto-User-Domain
  - PaloAlto-Source-IP
  - PaloAlto-PaloAlto-Client-OS
  - PaloAlto-Client-Hostname
  - PaloAlto-GlobalProtect-Version

Bugfixes

• Fixed: The adapter could not recognize proxy addresses like this: http://user@dmn.sub.su:password@192.168.1.1:3131

1.0.128

Release 27.02.2023 | Password decoder

Bugfixes

• Fixed: Сyrillic passwords were decrypted incorrectly.

1.0.126

Release 07.02.2023 | Radius attributes overwriting

Bugfixes

• Fixed: the Adapter generated an error when trying to add an already existing attribute to a radius package. Now the existing attribute is overwritten.

1.0.123

Release 11.01.2023 | Logging subsystem improvements

New

• Log template token: {CallingStationId}. To render it in logs you can use output template like this:
  [{Timestamp:HH:mm:ss} {Level:u3}] {CallingStationId} {Message:lj}{NewLine}{Exception}
  More information about log templates: https://github.com/MultifactorLab/multifactor-radius-adapter/releases/tag/1.0.99

1.0.120

Release 22.12.2022 | Authenticated Client Cache

Bugfixes

• Fixed: The cache was not activated correctly in case of challenge request.

1.0.117

Release 12.12.2022 | First factor memberchip checking

• membership check logic was changed;
• some logs (DBG, WRN) were reformatted and improoved.

1.0.114

+ minimal matching (#11)