Products
Products
Support
Support
Contact
Contact
Sitemap
Sitemap
Shop
Shop
 
Home
Solutions
Products
Licenses
Download
Manuals
Support
News
Build History
Success Stories
My.Comtarsia

     




Update Notification
Update Notification
Download



(February 10, 2020)

Microsoft changes and security reasons may require an update to setup bundle 6.1.26.4 or higher and possibly configuration changes.

Active Directory LDAP Changes:

Microsoft plans to release in March 2020 an update for Microsoft Windows Server that will affect LDAP communications to the Active Directory LDAP server.  This update will change the default value of policies that control which authentication method can be used to bind to the Active Directory LDAP server. Details can be found in the Microsoft document:
 
  https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

The following table helps to decide if changes to an existing Comtarsia Logon Client or Comtarsia SignOn Proxy configuration are needed:

 SSL
 Enabled
 UserDN
 Mode
 UserDNPrefix Necessary changes
  Yes   Any   Any   No change
  No   Static DN   cn=   Change to SearchForUser=2 + NTLM authentication mode or
  enable SSL
  No   Static DN  samaccountname= or
 userprincipalname=
  Enable NTLM authentication mode or enable SSL
  No   Searchforuser   Any   Use UserDNPrefix= samaccountname or userprincipalname and
  enable NTLM authentication mode or enable SSL

If in your environment it is currently not possible to make configuration changes, another option is to manually change the Windows Server group policy options back to the previous values after the update was applied. Details are outlined in the above linked Microsoft document.

For the users to be able to change their passwords, an SSL/TLS connection to the Active Directory is still mandatory. Alternatively, the SignOn Proxy can be installed on a domain controller using the native Active Directory mode, in this case, the Active Directory server does not need to have SSL enabled.

For a detailed overview of Active Directory authentication, configuration options for the products Comtarsia Logon Client and Comtarsia SignOn Proxy see this document:
https://signon.comtarsia.com/Downloads/Englisch/Manual_ActiveDirectoryAuthModes.pdf

TLS Changes:

All Comtarsia SignOn Solution products with the bundle 6.1.26.4 or higher support TLS up to version 1.3. We recommend updating to this new version for enhanced security. Comtarsia modules with these updates negotiate the highest security level and are therefore compatible with previous versions.

 

 




All product and company names mentioned herein are the trademarks of their respective owners. (c) 2001-2018 Comtarsia IT Services GmbH. |  Print  |  Impressum