Releases: MultifactorLab/multifactor-radius-adapter
1.0.151
Release 19.06.2023 | Sufficient Modifier
New
- New sufficient property in the optional RADIUS atribute definition:
<add name="Class" value="value" when="condition" sufficient="true" />
.
Allowed values: true, false (by default).
How it works
If the attribute matches the conditions, it is added to the RADIUS packet. If the attribute also has the sufficient=true property, the adapter stops evaluating the optional attribute stack. The sufficient property only takes effect if the attribute passes the conditions check.
The example shows a case in which Custom-Attr attribute will not be added to the response:
<RadiusReply> <Attributes> <add name="Class" value="VPN-GP"/> <add name="Class" value="VPN-G2P" when="true statement" sufficient="true" /> <add name="Custom-Attr" value="Attr" when="true statement"/> </Attributes> </RadiusReply>
1.0.148
Release 02.06.2023 | No Response In the Proxy Mode
New
-
New adapter behavior in the following scenario:
- the
first-factor-authentication-source
is Radius; - the
nps-server-endpoint
is specified; - NPS did not return a response.
In this case, the adapter will not return a response.
Old behavior: Adapter returned an Access-Reject response. - the
1.0.134
Release 30.03.2023 | Partial Privacy Mode
New
-
New syntax for the privacy-mode setting. Now you can use Partial privacy mode:
<add key="privacy-mode" value="Partial:FIELD_NAME" />
In Partial mode, the adapter sends only the specified fields to the API.The FIELD_NAME value can be one of: Name, Email, Phone, RemoteHost:
<add key="privacy-mode" value="Partial:Email" />
<add key="privacy-mode" value="Partial:RemoteHost" />
You can also specify multiple fields by separating them with commas:
<add key="privacy-mode" value="Partial:RemoteHost,Name,Phone" />
If you have not specified any field, the adapter will work in the Full mode.
Standard modes are also available:
None (by default) - in this mode, the adapter sends all data to the API.
Full - in this mode, the adapter sends only Identity field.
1.0.131
Release 27.03.2023 | Custom Attributes
New
- AuthenticatorId value in the AccessAccepted log event.
- Custom CallingStationId source attribute. To tell the adapter to take the Calling-Station-Id value from another attribute. add the following parameter in the client config:
<add key="calling-station-id-attribute" value="Custom-Attr" />
- PaloAlto vendor attributes support:
- PaloAlto-Admin-Role
- PaloAlto-Access-Domain
- PaloAlto-Panorama-Admin-Role
- PaloAlto-Access-Domain
- PaloAlto-User-Group
- PaloAlto-User-Domain
- PaloAlto-Source-IP
- PaloAlto-PaloAlto-Client-OS
- PaloAlto-Client-Hostname
- PaloAlto-GlobalProtect-Version
Bugfixes
- Fixed: The adapter could not recognize proxy addresses like this: http://user@dmn.sub.su:password@192.168.1.1:3131
1.0.128
Release 27.02.2023 | Password decoder
Bugfixes
- Fixed: Сyrillic passwords were decrypted incorrectly.
1.0.126
Release 07.02.2023 | Radius attributes overwriting
Bugfixes
- Fixed: the Adapter generated an error when trying to add an already existing attribute to a radius package. Now the existing attribute is overwritten.
1.0.123
Release 11.01.2023 | Logging subsystem improvements
New
- Log template token: {CallingStationId}. To render it in logs you can use output template like this:
[{Timestamp:HH:mm:ss} {Level:u3}] {CallingStationId} {Message:lj}{NewLine}{Exception}
More information about log templates: https://github.com/MultifactorLab/multifactor-radius-adapter/releases/tag/1.0.99
1.0.120
Release 22.12.2022 | Authenticated Client Cache
Bugfixes
- Fixed: The cache was not activated correctly in case of challenge request.
1.0.117
Release 12.12.2022 | First factor memberchip checking
- membership check logic was changed;
- some logs (DBG, WRN) were reformatted and improoved.
1.0.114
+ minimal matching (#11)