Releases · MultifactorLab/MultiFactor.Radius.Adapter

13 Sep 11:22

MultifactorLab

1.0.216

df1b58b

1.0.216

Release 13.09.2023 | Add pre-Windows 2000 logon name support

New

The user can use a pre-Windows 2000 logon name for authentication: "netbiosname/username".
This feature conflicts with the setting <ActiveDirectory requiresUserPrincipalName="true">.
Extended logging.

Assets 3

13 Jun 08:30

MultifactorLab

1.0.209

1677600

1.0.209

Release 13.06.2023 | No Response In the Proxy Mode

New

New adapter behavior in the following scenario:
- the first-factor-authentication-source is Radius;
- the nps-server-endpoint is specified;
- NPS did not return a response.
In this case, the adapter will not return a response.
Old behavior: Adapter returned an Access-Reject response.

Assets 3

26 Apr 07:58

MultifactorLab

1.0.206

15306a7

1.0.206

Release 26.04.2023 | Sufficient Modifier

New

New sufficient property in the optional RADIUS atribute definition:
<add name="Class" value="value" when="condition" sufficient="true" />.
Allowed values: true, false (by default).

How it works

If the attribute matches the conditions, it is added to the RADIUS packet. If the attribute also has the sufficient=true property, the adapter stops evaluating the optional attribute stack. The sufficient property only takes effect if the attribute passes the conditions check.

The example shows a case in which Custom-Attr attribute will not be added to the response:

<RadiusReply>
    <Attributes>
      <add name="Class" value="VPN-GP"/>
      <add name="Class" value="VPN-G2P" when="true statement" sufficient="true" />
      <add name="Custom-Attr" value="Attr" when="true statement"/>
    </Attributes>
</RadiusReply>

Assets 3

25 Apr 10:28

MultifactorLab

1.0.203

9a453d1

1.0.203

Release 25.04.2023 | Partial Privacy Mode

New

New syntax for the privacy-mode setting. Now you can use Partial privacy mode:
<add key="privacy-mode" value="Partial:FIELD_NAME" />
In Partial mode, the adapter sends only the specified fields to the API.

The FIELD_NAME value can be one of: Name, Email, Phone, RemoteHost:
<add key="privacy-mode" value="Partial:Email" />
<add key="privacy-mode" value="Partial:RemoteHost" />

You can also specify multiple fields by separating them with commas:
<add key="privacy-mode" value="Partial:RemoteHost,Name,Phone" />

If you have not specified any field, the adapter will work in the Full mode.

Standard modes are also available:
None (by default) - in this mode, the adapter sends all data to the API.
Full - in this mode, the adapter sends only Identity field.

Assets 3

05 Apr 08:35

MultifactorLab

1.0.200

e73a30e

1.0.200

Release 05.04.2023 | Multiple values support in a When statement of RadiusReply

New

Multiple values in a when clause of a Radius Reply config section. A clause matches when one of a values provided is equal to the left side.
See the example below.

<RadiusReply>
    <Attributes>
      <add name="Class" value="VPN-GP" when="UserName=John Smith;Ivan Ivanov"/>
      <add name="Class" value="VPN-G2P" when="UserGroup=Domain Admins;Administrators"/>
    </Attributes>
</RadiusReply>

Assets 3

14 Mar 10:55

MultifactorLab

1.0.197

e6ae582

1.0.197

Release 06.03.2023 | Custom Attributes

New

AuthenticatorId value in the AccessAccepted log event.
Custom CallingStationId source attribute. To tell the adapter to take the Calling-Station-Id value from another attribute. add the following parameter in the client config:
<add key="calling-station-id-attribute" value="Custom-Attr" />
PaloAlto vendor attributes support:
- PaloAlto-Admin-Role
- PaloAlto-Access-Domain
- PaloAlto-Panorama-Admin-Role
- PaloAlto-Access-Domain
- PaloAlto-User-Group
- PaloAlto-User-Domain
- PaloAlto-Source-IP
- PaloAlto-PaloAlto-Client-OS
- PaloAlto-Client-Hostname
- PaloAlto-GlobalProtect-Version

Bugfixes

Fixed: The adapter could not recognize proxy addresses like this: http://user@dmn.sub.su:password@192.168.1.1:3131

Assets 3

27 Feb 17:06

MultifactorLab

1.0.190

cc0e1ef

1.0.190

Release 27.02.2023 | Password decoder

Bugfixes

Fixed: Сyrillic passwords were decrypted incorrectly.

Assets 3

07 Feb 09:53

MultifactorLab

1.0.187

4767dcd

1.0.187

Release 07.02.2023 | Radius attributes overwriting

Bugfixes

Fixed: the Adapter generated an error when trying to add an already existing attribute to a radius package. Now the existing attribute is overwritten.

Assets 3

20 Jan 14:04

MultifactorLab

1.0.183

acda87f

1.0.183

Release 20.01.2023 | Retrieve UPN bugfix

Bugfixes

Fixed: The UPN attribute was not loaded correctly with the following settings:

use-upn-as-identity is enabled;
first-factor-authentication-source is one of: Radius, None.

Assets 3

11 Jan 14:40

MultifactorLab

1.0.179

ba89e19

1.0.179

Release 11.01.2023 | Logging subsystem improvements

New

Log template token: {CallingStationId}. To render it in logs you can use output template like this:
[{Timestamp:HH:mm:ss} {Level:u3}] {CallingStationId} {Message:lj}{NewLine}{Exception}
More information about log templates: https://github.com/MultifactorLab/MultiFactor.Radius.Adapter/releases/tag/1.0.153

Assets 3

Releases: MultifactorLab/MultiFactor.Radius.Adapter

1.0.216

Release 13.09.2023 | Add pre-Windows 2000 logon name support

New

Uh oh!

1.0.209

Release 13.06.2023 | No Response In the Proxy Mode

New

Uh oh!

1.0.206

Release 26.04.2023 | Sufficient Modifier

New

How it works

Uh oh!

1.0.203

Release 25.04.2023 | Partial Privacy Mode

New

Uh oh!

1.0.200

Release 05.04.2023 | Multiple values support in a When statement of RadiusReply

New

Uh oh!

1.0.197

Release 06.03.2023 | Custom Attributes

New

Bugfixes

Uh oh!

1.0.190

Release 27.02.2023 | Password decoder

Bugfixes

Uh oh!

1.0.187

Release 07.02.2023 | Radius attributes overwriting

Bugfixes

Uh oh!

1.0.183

Release 20.01.2023 | Retrieve UPN bugfix

Bugfixes

Uh oh!

1.0.179

Release 11.01.2023 | Logging subsystem improvements

New

Uh oh!