Resolved issues
The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.
Bug ID |
Description |
---|---|
758522 |
SP server certificate when expired produces a server 500 when trying to edit the SP configuration. |
744936 |
Yubikey third party token failed authentication with "invalid token" error after FortiAuthenticator upgrades to version 6.4.0. |
742360 |
Remote user sync not reflecting LDAP user's OU change. |
758011 |
Logout from SAML FSSO portal is generating signature validation error and 403 forbidden upon re-authentication. |
749761 |
FortiAuthenticator did not update user group info after sync user from LDAP server. |
739254 |
Uploading CRL on LB secondary FortiAuthenticator causes GUI crash. |
754239 |
LB secondary not syncing when we failover to the secondary FortiAuthenticator. |
755884 |
History password policy not working. |
754589 |
Push Service does not recognize the realm from the FortiAuthenticator agent. |
745679 |
"Mandatory password and OTP" setting not enforcing OTP on unimported remote users. |
743480 |
User sync rule now updates FortiToken assignment if a manual change occurs after initial sync. |
751605 |
Timezone 63 Darwin shows time 1 hour ahead. |
753910 |
Users Audit export: comma separated displayname shifts the cells/fields to the right. |
756798 |
Self-service portal "Change Password" button returns 403 Forbidden error for remote users. |
744321 |
Mobile FortiToken and SMS tokens log event from a scheduled syncing of remote LDAP users. |
731626 |
Limit of 64 characters in SAN DNS field for CSR/Certificate creation. |
611922 |
Improve SCEP grid layout. |
735782 |
Alcatel RADIUS VSA dictionary needs to be updated. |
755539 |
User lookup triggers internal server error 500 for users with two or more IdP sessions. |
670317 |
Not possible to resize/change columns width in log table. |
712251 |
Column resize or sort does not work properly in tables of FortiAuthenticator. |
748818 |
SCEP and device enrollment does not work. |
752935 |
500 internal server error when using unknown email address for password reset. |
744768 |
FortiAuthenticator not logging LDAP group membership changes. |
741495 |
When trying to import users from FortiGate conf to FortiAuthenticator v6.4. |
729674 |
FortiToken license status on LB nodes shows unknown. |
748270 |
IdP proxy scenario with local AD for group membership does not work. |
741357 |
Unable to download raw log. |
730640 |
When signing a CSR via SCEP, FortiAuthenticator returns "Unable to sign request, Unable to find a unique name". |
741332 |
FortiToken email activation sent to user again when LDAP sync runs after the timeout of token activation (user should stay disabled). |
744916 |
Sort by name the sponsor list in the self-registration guest portal. |
737727 |
Change in the password complexity rule is not taking effect. |
737078 |
Private IPv6 address added to SSO list instead of public IPv6 when received from a RADIUS accounting source. |
706998 |
GUI crashes during password recovery using E-mail address method if the E-mail is not associated with any user account. |
694599 |
Certificate sync does not work from Master to LB Peer/Nodes. |
760580 |
Deleting an unused group gives "500 internal server error". |
723065 |
HA connection status is still showing connected even the Primary FortiAuthenticator is already shutdown. |
747259 |
FSAE is taking high CPU. |
711940 |
Raid widget is showing wrong status. |
685295 |
Implement correct handling of VM license in case of configuration conversion. |
733788 |
FortiAuthenticator Agent does not support UPN username format (as imported to the FortiAuthenticator). |
721189 |
SMS : No update on number of sent message on the dashboard. |
738349 |
SAML querying the LDAP when the user is admin instead of looking for the user locally on remote LDAP users. |
709395 |
High CPU utilization by wmid process. |
711721 |
Groups sorting differences when importing LDAP groups in SSO groups and FortiGate filtering. |
756786 |
Guest portal authentication request failed with Cisco WLC. |
754474 |
SAML- SP Login page does not present the Done button in OSX CNA. |
586851 |
http of the FortiAuthenticator cannot be closed. |
752572 |
Windows machine login caching not working and breaking user + machine authentication RADIUS policy condition. |
752954 |
SAML SP ACS URL misconfig returns a Server 500 vs 403 and the log for SP config mismatch. |
751445 |
Saving LDAP server config produces: Please submit 0 or fewer forms. |
748487 |
FortiAuthenticator SAML SP requires at least 1 attribute in received SAML assertions from the remote IdP. |
731175 |
Provide skeleton language pack. |
746411 |
SMTP mail: failed to start session with the "Operation now in progress" error. |
632248 |
Unable to provide publisher details/assign code signing certificate to a Smart Connect profile. |
691009 |
FortiAuthenticator-VM 6.0.4 stops authenticating and GUI freezes until reboot is applied. |
748560 |
FortiAuthenticator active-passive cluster plus load-balancing node does not sync properly. |
752114 |
LDAP group query parsing error. |
742715 |
"The username is in use and this user cannot be made into an administrator" error. |
748187 |
EAP-TLS policy ignores group filter for cert user, cert user can authenticate even if it is not a member of the group. |
746538 |
When applying the OpenLDAP template the out of the box User Object class does not find any user. |
742775 |
Wrong message when user inputs incorrect email address or an incorrect username. |
730474 |
FortiAuthenticator IdP proxy fails to proxy SAML assertions received from remote IdP when the User Attribute with same name exists. |
708384 |
SAML IdP proxy session not showing and unable to log out from an external IdP. |
756657 |
Error while changing HA password of Load Balancer node with HA enabled. |
752752 |
LB + GUI local service certificate restrictions preventing reconfiguration. |
731442 |
Case sensitive remote RADIUS username does not work well. |
758407 |
SP metadata import causes GUI index error. |
752730 |
RADIUS auth fails with invalid user if temporary token type = sms but no mobile number. |
756154 |
Hide self-service portal token registration options when all are disabled. |
754134 |
iOS 14 and iPhone 13 Safari browser: Error displayed on FIDO auto-start after password authentication. |
752749 |
Remote LDAP server page loads incredibly slowly when many imported users exist. |
755111 |
Issue with auto-redirect on HA administration page when enabling HA for load balancer role. |
735940 |
Unable to restart radiusd in debug mode from FortiAuthenticator GUI debug tab after CSP changes for JS. |
753040 |
HA status page should show "Name" of LB nodes in Cluster + LB mode. |
752732 |
Admin trusted hosts applied to SAML auths, not just admin GUI. |
742657 |
Test SMS phone number is not initialized. |
748148 |
ubkey self-provisioning is broken. |
733585 |
No log for policy priority change. |
740201 |
User CSV import does group database check once per record. |
746096 |
Upper case is not accepted for local users. |
706422 |
LB should not delete certificates if they are used by config_setting table but not synced. |
744732 |
FSSO eventlog polling fail for machine account ending with $. |
744505 |
Unable to see top row title of replacement messages. |
739528 |
Certificate CN validation gives wrong error. |
752755 |
Customized SAML Token Login page's pre-existing pollTokenAuthResult JS broken after upgrade to 6.4.0. |
742719 |
CPU usage 100% after clicking LDAP server in GUI in a customer setup (and GUI timeout). |
755701 |
ESX deploy script. |
753032 |
IdP logins for SP throwing SQL errors on missing session. |
753060 |
User simultaneously created duplicate IdP session - resulted in broken session. |
752753 |
System Access inaccessible if web certificate /CA are missing. |
554763 |
Frequent CSRF errors when using HTTP authentication. |
752747 |
LDAP sync appears to be updating every user record, including unmodified ones. |
750732 |
Login activity not relayed from LB nodes to Master (for user expiry, etc). |
740202 |
Better error-reporting when trying to restore a config which is for a different model. |
735652 |
Unnecessary deletes on load-balancer causes really long re-sync delays. |
752242 |
Logs: FortiAuthenticator should log details when FIDO registration fails. |
753921 |
Change label wording for "Pre-Login Services "==>" FIDO Revocation". |
752226 |
FIDO: "Clear all Keys" should delete the keys. |
744134 |
FortiAuthenticator should show "FIDO" in the token column of user page if user has registered a FIDO token. |
751543 |
FTC- user_ip field in auth request is using Country value instead of IP. |
744287 |
OpenSSL 1.1.1l security fixes -- August 2021. |
747232 |
Pillow--- Precaution upgrade. |
718365 |
HA Cluster not able to access management port IP. |
739187 |
REST API authentication for remote user with upper case should not return 401. |
758164 |
Remote RADIUS user case sensitivity is not working properly. |
736062 |
PCI enabled FIDO authentication portal does not work with FIDO user. |
737640 |
Sync rule with multiple OTP assignment methods fails to sync users over if they are missing any one of the LDAP attributes. |
745963 |
Unable to retrieve FIDO token 500 internal server error. |
752616 |
Rephrase label "Every configured password and OTP factors". |
576467 |
Request-URI too long error when we try to export or E-mail large amounts of newly created guest users. |
558658 |
Rephrase timeout error message for timeout in deleting FTC user. |
732139 |
Windows Event Log Sources JavaScript Error. |
744577 |
Cannot import AD user groups as SSO Groups that have '+' in their names. |
734462 |
Extraneous "No search results" message appears under RADIUS Attributes section in user group page. |
602248 |
Migrating a user that already exists causes 500 internal error. |
743645 |
Cannot change the name of local users realm. |
739542 |
Remote RADIUS users with duplicate name REST API call cause 500 errors. |
603411 |
Exporting guest users phone number format incorrect. |
736652 |
New self service portal does not prompt for token resync, allows access with drifted OTP (when within configured window). |
734474 |
LDAP users are able to enable security question through Self-Service portal without actually setting a security question. |
732406 |
Editing security question results in duplicate UI in the pop-up. |
731214 |
500 Internal server error when end user has duplicate certificate bindings. |
680974 |
"Forgot password" option does not work on portal when user is temporary locked. |
736020 |
"None" option for token assignment missing in self-service portal MFA page. |
736017 |
Revoked FIDO token should display time in local time and not UTC. |
737638 |
Missing username in Oauth Request causes 500 server error. |
734475 |
"Internal Server Error" when local user enables security question without setting the security question through captive portal. |
579174 |
FortiToken mobile for a remote radius user on the FortiAuthenticator server and also on the FortiAuthenticator client fails to work. |
712166 |
SCEP gives wrong validation message if "Renewal Days" expiry is left empty. |
739570 |
Unable to create RADIUS attribute matching when creating a RADIUS policy. |
734034 |
Cannot see MAC devices limit in portals settings for Firefox. |
734892 |
FIDO popup message when saving user local information. |
758463 |
FIDO key registration failing first try on iOS 15.1. |
761747 |
Force password change not working when FIDO is enabled in portal policy. |
751208 |
FortiAuthenticator cannot support "mschapv2" as password encoding format for the RADIUS client. |
736670 |
api/v1/ssoauth/ API request returns 500 internal error occassionally. |
749559 |
Windows AD computer authentication option missing from RADIUS policies. |
743629 |
Remote RADIUS user takes longer than 30 sec to verify the deny process. |
744073 |
FortiGate fails to get FSSO list from FortiAuthenticator if the login user group belongs to OU with special characters like +EU. |
701758 |
Problem setting static IP address on a FortiAuthenticator-VM installed on a XenServer. |
761875 |
In the captive portal, when a wrong token code is entered, FortiAuthenticator does not display any error message and just redirects to the login page. |
763503 |
Remote user sync rule does not work with email/FTC 2FA. |
762263 |
PCI mode's behaviour for user without FIDO enabled is incorrect. |
762268 |
Password change not working for remote LDAP users. |
603510 |
Memory usage is High. |
763803 |
LB sync is broken for MAC devices if it is associated to a non-synced user. |
746715 |
Optimize introduction of Load Balancing node(s) to an A-A Cluster to provide high availability. |
760305 |
CLI's "exec ha-rebuild" does not work; cannot find required binaries in PATH. |