Changelog

Added the ability to protect multiple sites under the same domain using one instance of the adapter.

Fixed an issue that caused the adapter to ignore the token-lifetime and secure-cookie parameters in the agent-config.txt file.

Fixed an issue that caused the adapter to ignore the cookie settings in the agent config file.

Fixed an issue that caused the samesite cookie and legacy cookie to become out of sync.

Added support for the SameSite cookie flag in web browsers.

Added compatibility for IIS 8.5 and 10 environments.

Addressed compatibility issue with the 32-bit application pool.

Added the ability to use the HttpOnly flag on the session cookie. Learn more in the new HttpOnlyCookie attribute in the pfisapi.conf file.

Added support for .NET Framework 4.0.

Bug fixes.

Added support for allowlisting in the properties file for IIS (pfisapi.conf).

Added units to the TokenUpdateWindow property in the pfisapi.conf file.

Added documentation for the IIS limitation about HTTP POST issues with managed and native modules.

Added support for IIS 8: Integrated Mode.

Added support for an exclusion resource list in the properties file for IIS (pfisapi.conf).

Added support for version 2.5.1 of the OpenToken Adapter and OpenToken Agent.

Upgraded to .NET Framework 4.0.

Requires IIS 7.0 or higher.

Requires integrated pipeline mode for protected applications.

Added support for both 32-and 64-bit application pool in IIS.

Added the ability to control logging level.

Replaced the ISAPI extension with OpenToken HTTP Module.

Removed the OpenToken Exchange application.

Fixed an issue that caused the TargetResource URL to truncate in certain situations.

Fixed an issue with IIS crashing when the attribute data is too long.

Added the OpenToken Exchange service application to handle OpenToken query and POST transport methods.

Added the TokenUpdateWindow property in the pfisapi.conf configuration file to enable browsers to reuse OpenTokens for a configurable period of time. This can optimize performance.

Added an alternative method for setting session attributes as HTTP headers without a prefix.

Corrected OpenToken timestamp comparisons to prevent intermittent invalid OpenToken errors.

Protected-resource URL filtering is no longer case-sensitive.

Ported the OpenToken IIS Agent to use the OpenToken Adapter and the OpenToken .NET library.

Added support for the POST Transport Method from the OpenToken Adapter.

Added support for URL filtering for protected resources.

Added the ability to allow IIS web applications to download files.

Added a security patch to write all HTTP standard headers and PFTOKEN custom headers only. Any other HTTP custom headers will be removed.

Simplified the IIS agent configuration file.

Initial Release