Changelog

Added support for protecting multiples sites under the same domain using one instance of the adapter.

Fixed an issue that cause the adapter to ignore the token-lifetime and secure-cookie parameters in the agent-config.txt file.

Fixed an issue that caused the adapter to ignore the cookie settings in the agent config file.

Fixed an issue that caused the samesite cookie and legacy cookie to become out of sync.

Added support for the SameSite cookie flag in web browsers.

Added compatibility for IIS 8.5 and 10 environments.

Addressed compatibility issue with 32-bit application pool

Added support for using the HttpOnly flag on the session cookie (refer to the new HttpOnlyCookie attribute in pfisapi.conf).

Added support for .NET Framework 4.0

Bug fixes

Added support for whitelisting in the properties file for IIS (pfisapi.conf)

Added units to the TokenUpdateWindow field in the pfisapi.conf file

Added documentation for the IIS limitation regarding HTTP POST issues with managed and native modules

Added support for IIS 8 - Integrated Mode

Added support for an exclusion resource list in the properties file for IIS ( pfisapi.conf)

Added support for the 2.5.1 version of the OpenToken Adapter and OpenToken Agent

Upgraded to .NET Framework 4.0

Requires IIS 7.0 or higher

Requires integrated pipeline mode for protected applications

Added support for both 32-and 64-bit application pool in IIS

Added ability to control logging level

Replaced ISAPI extension with OpenToken HTTP Module

Removed OpenToken Exchange application

Corrected issue with TargetResource URL being truncated in certain situations

Corrected IIS crashing issue when attribute data is too long

Added OpenToken Exchange service application to handle OpenToken query and POST transport methods

For performance optimization, added a property ( TokenUpdateWindow) in the configuration file pfisapi.conf to enable OpenTokens to be reused by the browser for a configurable period of time

Added alternative method for setting session attributes as HTTP headers without a prefix

Corrected OpenToken timestamp comparisons to prevent the occurrence of intermittent invalid OpenToken errors

Protected-resource URL filtering is not case-sensitive

Ported the OpenToken IIS Agent to use the OpenToken Adapter and the OpenToken .NET library

Supports the POST Transport Method from the OpenToken Adapter

Added URL filtering for protected resources

Added support to allow IIS web applications to download files

Security patch to write all HTTP standard headers and PFTOKEN custom headers only; any other HTTP custom headers will be removed

Simplified IIS agent configuration file

Initial Release