Search Mailing List Archives
WebAuth 4.5.5 released
eagle at windlord.stanford.edu
Thu Aug 29 15:13:59 PDT 2013
The ITS WebAuth team is pleased to announce Stanford WebAuth 4.5.5. This
is a bug-fix release for the WebLogin and WebKDC components of WebAuth,
particularly for multifactor authentications. There is no need for
WebAuth Application Servers to upgrade to this release.
For documentation and downloads of WebAuth 4.5.5, see:
The user-visible changes in this release are:
Fix replay detection in WebLogin to use the same memcached object
naming convention when registering authentications and when checking
for a previous authentication.
If the login is rejected by the user information service, WebLogin now
displays a more specific error instead of the generic "something went
wrong" error page.
If a multifactor authentication is rejected by the validation service,
the user is now returned to the multifactor authentication screen and
the error message is provided to the template, rather than taking the
user to a dead-end error page with a generic error.
If enabled, rate limiting and replay detection are also applied to the
multifactor login page in addition to the password login page.
Support remembering that the user has been sent an SMS message already
when redisplaying the multifactor login page after an error. For this
to work properly, local templates will have to be updated to set the
form parameter multifactor_sentauth if an SMS message has already been
sent. See the sample multifactor.tmpl file for an example.
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University
More information about the webauth-announce