The following is the change history for the Duo Security Integration Kit.
Duo Security Integration Kit 3.1.1 - July 2023
- Fixed a defect with how the adapter collects the application name configured in the SP connection and sends it to Duo for use in mobile push notifications.
- Added the ability to select whether to send application names to Duo for use in push
notifications. When the Send Application Name
check box is selected, the adapter sends Duo
the application's name if it's configured in the SP connection.Note:
This check box is selected by default. If you haven’t set an application name or if you clear the Send Application Name check box, push notifications use the application name configured in Duo instead.
Duo Security Integration Kit 3.1 - May 2023
- Added the ability for the adapter to send the application name to Duo where it can be displayed in the Push notification in the Duo mobile application. This provides the user more context for which application is requesting a push notification.
Duo Security Integration Kit 3.0.3 - December 2022
- Fixed a defect in adapter when PingFederate is deployed under non-default context path.
Duo Security Integration Kit 3.0.2 - September 2021
- Verified that the Duo Security IdP Adapter is compliant with US Federal Information Processing Standards (FIPS). For usage, see Integrating with Bouncy Castle FIPS provider in the PingFederate documentation.
Duo Security Integration Kit 3.0.1 - March 2021
- Fixed an issue that caused transactions to fail when many users were signing into Duo Security at the same time.
Duo Security Integration Kit 3.0 - October 2020
- Added support for the new Duo Universal Prompt multi-factor
authentication (MFA) flow, including:
- OpenID Connect authentication protocol
- Duo Universal Prompt
- New endpoints for checking API availability, authorizing users, and getting authentication results
- Added the ability to map any Duo Universal Prompt API response attribute to an attribute in the PingFederate authentication policy.
- Added support for the PingFederate authentication API.
- Added support for the JavaScript Widget for the PingFederate Authentication API.
- Added a setting for API connection and request timeout.
- Added settings to override the PingFederate system-default proxy settings.
- Improved security by disabling device registration during password reset flows.
- Removed the template and JavaScript files that were needed in previous versions.
Duo Security Integration Kit 2.2.2 - January 2020
- Fixed an issue that allowed sessions to exceed the max_age parameter in the authentication request.
- Improved input validation for the Session Timeout field in the adapter configuration.
Duo Security Integration Kit 2.2.1 - July 2017
- Fixed an issue using the Duo adapter with Failmode set to safe.
- Upgraded to v2 of the Duo Web SDK.
Duo Security Integration Kit 2.2 - September 2016
- Added Failmode option, allowing users to bypass second factor authentication in the event that the Duo service is down.
Duo Security Integration Kit 2.1 - April 2016
- Added clustering support without the use of sticky sessions.
- Added option to configure login template for each adapter instance.
Duo Security Integration Kit 2.0 - September 2015
- Initial release.
- Added support for SSO.