1.0.7846.0-beta.4

Pre-release
@ryannewington ryannewington released this 29 Nov 07:05
· 63 commits to master since this release

Release Summary

This release introduces many bug fixes and new features. Most notably, this version introduces support for high availability, by running AMS in a Microsoft failover cluster. This introduces the first major Enterprise edition feature to Lithnet Access Manager.

This release contains a built-in enterprise edition license that will expire on 26th February 2021. On this date, enterprise edition features will be deactivated, and the application will continue to run in standard edition. Organizations that are not using any enterprise edition features will be able to continue using the application after this date. A new beta version will be released in December 2020, which will include a new built-in license with an extended date. Organizations can obtain longer-length enterprise edition licenses by emailing [email protected]. Enterprise edition licenses are not yet available for purchase, but will be provided for free during the beta phase.

To learn more about the differences between standard and enterprise edition, as well as the upcoming enterprise edition features, see the edition comparison in the wiki.

Installation Notes

  • PowerShell 5.0 is now a prerequisite
  • Microsoft SQL Local DB 2017 is now a prerequisite

New features

  • Adds support for running Access Manager in a Windows failover cluster (Enterprise edition feature)
  • Adds support for automatically synchronizing certificates between nodes (Enterprise edition feature)
  • Adds support for encrypting secrets using cluster-compatible DPAPI-NG (Enterprise edition feature)
  • Adds certificate export and import options to the local admin password page in the UI
  • Request limiting now uses a persistent SQL back-end, allowing enforcement of limits that survives reboots, outages, and node failovers
  • Adds support for disabling authorization rules
  • Adds support for expiring authorization rules
  • Adds a new PowerShell module for getting Lithnet local admin passwords and history from the AMS server (Get-LithnetLocalAdminPassword and Get-LithnetLocalAdminPasswordHistory)
  • Adds support for exporting a list of CSV permissions from the authorization rules

Issues fixed

  • Fixes an issue where password text boxes delete contents on focus (#39)
  • Fixes an issue where imported authorization rules were not being saved (#45)
  • Fixes an issue where the access expiry reported in audit events was not in the system date time format
  • Fixes an issue where the log out link was missing when using a logout-capable identity provider (#49)
  • Fixes an issue where IDP signing was not working with Okta
  • Fixes an issue where users who are members of a large number of groups cannot log into the system (#44)
  • Fixes an issue where the user gets an unexpected error message when searching a computer by a non-AD DNS hostname (#54)
  • Fixes an issue where a user who is not granted sign in permission sees a 404 error instead of an access denied message (#52)
  • Fixes an issue where Google Chrome may offer to translate a page containing a password it thinks is in a different language (#51)
  • Fixes an issue where the service cannot write to the log folder when the service account is changed
  • Fixes an issue where the UI required a save immediately after saving the initial config
  • Fixes an issue where the config app would silently crash when the appsettings and apphost config files can't be found
  • Fixes an issue where the JIT group worker creates groups for conflict objects (#56)
  • Fixes an issue with the domain group membership permission script
  • Fixes an issue where some files would be missing after an upgrade (#43)
  • Fixes an issue where the schema status in the UI did not update after schema changes were deployed
  • Fixes an issue where UI trace events could not be logged
  • Fixes an issue where the JIT mode indicator did not update correctly when the AD PAM feature was enabled

Other changes

  • Accessing the local admin password history via the web is now an enterprise edition feature. However, the new PowerShell cmdlets allow an AMS administrator to retrieve the local admin password history via PowerShell from the AMS service itself
  • PowerShell-based authorization rules are now an enterprise edition feature
  • Service account details are no longer required to be entered on installations after beta 4.
  • Installation paths can no longer be changed during an upgrade. The application must be uninstalled and reinstalled to change any paths.
  • Custom logo is now stored in the configuration folder
  • The application now uses NT Service\lithnetams as the principal when assigning permission to local ACLs to avoid issues when assigning a new service account to run the service
  • Adds progress bar to service stop and start operations
  • Adds check for GMSA permissions when changing service account
  • Grants logon as a service to selected service account
  • Adds password validation for non-GMSAs when changing service account
  • Adds logon as a service permission check when changing service account
  • Replaces login dialog with user selector when changing service account
  • Claims in the log file are now grouped by name to reduce verbosity
  • Adds a message to remind the user to back up the encryption certificate when generating a new one
  • Adds additional help information to the delegation warning that appears in the UI when the service account is not protected from delegation
  • Adds a splash screen to the UI app on startup
  • Updates event log messages to contain information about the specific request type made by the user
  • Adds support for encrypting cookies with cluster-compatible keys