Duo Security

Changelog

The following is the change history for the Duo Security Integration Kit 2.2.

This documentation is for Duo Security Integration Kit 2.2 and earlier. For later versions of the integration kit, see the latest Duo Security Integration Kit documentation.

Duo Security Integration Kit 2.2.2 - January 2020

  • Resolved an issue that allowed sessions to exceed the max_age parameter in the authentication request.

  • Improved input validation for the Session Timeout field in the adapter configuration.

  • Defect fixes to resolve a potential security vulnerability.

Duo Security Integration Kit 2.2.1 - July 2017

  • Resolved issue using the Duo adapter with Failmode set to safe.

  • Upgraded to v2 of the Duo Web SDK.

Duo Security Integration Kit 2.2 - September 2016

  • Added Failmode option, allowing users to bypass second factor authentication in the event that the Duo service is down.

Duo Security Integration Kit 2.1 - April 2016

  • Added clustering support without the use of sticky sessions.

  • Added option to configure login template for each adapter instance.

Duo Security Integration Kit 2.0 - September 2015

  • Initial release.

  • Added support for SSO.