A new version of AuthAnvil Two Factor Auth is available
With the latest version of AuthAnvil Two Factor Auth (version 5.5) we have made strides to align all our products together in a single stack. A key shift is that we have made some core architectural changes:
- We have moved to the Microsoft .NET 4.5 framework for all components.
- We have moved to SQL Server 2014 Express Edition.
- We now install AuthAnvil Single Sign On with AuthAnvil Two Factor Auth.
As part of this release, we have also:
- Fixed over 50 internal and UI defects and added feature requests reported by customers.
- Added new auditing capabilities that can better trace the caller to authentication requests.
- Added a new AuthAnvil Proxy server as an agent, that supports the new auditing capabilities.
- Updated web services to better handle load balancers with stateless requests.
- Added a new simplified clustering install mode to the installer
Fixes and Feature Additions
Most of the defects and requests asked for are behind the scenes. We have added capabilities for brandable emails and better handling of the delivery of status emails as required. We fixed a whole bunch of inconsistent state issues relating to supporting master administrators and now ship with a bunch of extra tools to help admins and support to address configuration changes such as database, master admin password, tenancy creation etc.
You will now notice two new columns in the audit logs. The first is the "Forward For" field. When an AuthAnvil authentication request includes the X-Forwarded-For HTTP header, this gets bound as the calling IP. This is useful for tracking authentication requests behind firewalls and load balancers, allowing you to get the actual IP address of the authenticating user.
The second column is called "TAG", which is a configurable option that is added to the authentication header to allow you to sort the audit logs by its TAG. This is useful if you are an MSP that manages a hosted AuthAnvil infrastructure and want to separate and isolate logs belonging to individual client networks. Combined with the "Forward For", you can get a much better understanding of who is making authentication requests in a more constrained environment... and helps to meet several key compliance obligations by many of our customers.
With the enhanced auditing available and exposed through the web services, we added a new AuthAnvil Proxy service that takes advantage of this. So customers can install this as a Windows service behind a firewall or load balancer, and point AuthAnvil agents to it and allow the proxy to add the authentication headers. Below is a screenshot of how simple this really is:
From a security perspective, it's just as easy. You can take advantage of the Windows Certificate Store to load the SSL certificate to use for the communication between the agent and the proxy, and then redirect that to the target server where AuthAnvil resides.
Note: Remember to open the proxy port in the Windows firewall where the proxy service is installed!
With this release, we made clustering and fault tolerance a whole lot easier.
AuthAnvil now includes a PowerShell script that will interrogate an existing AuthAnvil server deployment to determine what product is installed and ask you for a destination name to generate a CLU file (*.clu) .
This output file will work in the installer for all three core AuthAnvil products, allowing you to add a new node to an AuthAnvil cluster in just a few clicks. You will notice the option to use a CLU file for a cluster in the base menu when the installer starts.
Ready to Go, or do you need some help?
If you are ready to move forward with this update, you can grab the latest release here. For upgrade instructions, you can go here. And if this is your first installation, make sure you head here first. Here is a direct link to the installer.
Of course, if you don't want to do this on your own, we do have a pro-services team ready and willing to help. Reach out to your account manager or email [email protected] for more information on our professional service offerings.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .