Release Notes

CEP 1.10 includes new features and enhancements and resolves one issue.

Default Behavior Changed

AA Server information disclosure is now disabled by default but can be enabled by setting the CEP_HIDE_AASERVER_INFORMATION parameter to false.

What’s New?

App Vendor Selection

The CEP now provides selection of the smartphone app vendor.

Alphanumeric Sorting Of Already Enrolled And Available Methods

A parameter for alphanumeric sorting of enrolled and available methods on the authenticators overview and support page has been added. If alphanumeric sorting is disabled, the CEP sorts enrolled methods in the order provided by AA and the CEP configuration. Alphanumeric sorting is disabled by default.

Example
    environment:
      - CEP_METHOD_SORT_ALPHANUMERIC=true

Validation Of SMS and Voice via AA

AA now supports verification of phone numbers and mail addresses. This has already been part of the CEP. The CEP now uses the verification functionality of AA if it is enabled in the method configuration of AA. Enabling verification in the AA method configuration overrides the CEP parameter for internal verification.

Message For Second Factor Selection

A new message for selecting the second factor after basic auth authentication has been added.

Enforcement Of Basic Authentication Via Authorization Header

If the parameter CEP_BASICAUTH_ENFORE_PROXY_REDIRECT is true, all requests to /login are redirected to /login/basic for basic authentication via the Authorization header, provided all of the following dependencies are fulfilled.

  1. CEP_BASICAUTH_ENFORE_PROXY_REDIRECT=true
  2. CEP_BASICAUTH_ENABLE=true
  3. Request is forwarded by a trusted proxy and X-Forwarded-For is present.
  4. Authorization header is present
  5. User is directly requesting /login

Example
    environment:
      - CEP_BASICAUTH_ENABLE=true
      - CEP_BASICAUTH_ENFORE_PROXY_REDIRECT=true

What Has Been Improved?

Improved Default Return URL Redirection

Users will only be redirected to the default return URL if a session cookie is present but no valid session is found.

Smartphone Offline OTP Automation

After a user inputs the full OTP, validation of the OTP starts automatically.

Health Checks Trusted IP Configuration

The parameter CEP_TRUSTED_HEALTHCHECK_IPS now supports CIDR notations.

Example
    environment:
      - CEP_TRUSTED_HEALTHCHECK_IPS=["192.168.100.10", "192.168.1.0/24", "192.168.25.0/24"]
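
Because a CIDR entry trusts a whole range rather than one host, it is worth checking the list before deploying it. The following is an added example, not CEP code: it assumes the value is a JSON-style list as shown above, and the function names and the prefix thresholds in `audit` are hypothetical choices. How CEP itself parses and matches the list is not documented here.

```python
import ipaddress
import json

# Constructed sample: the value from the example above, as written after the "=".
SAMPLE_VALUE = '["192.168.100.10", "192.168.1.0/24", "192.168.25.0/24"]'


def parse_trusted(value):
    """Parse the list into network objects; a bare IP becomes a /32 (or /128)."""
    networks = []
    for entry in json.loads(value):
        # strict=True raises ValueError for entries with host bits set,
        # e.g. "192.168.1.5/24", which usually indicates a typo in an allowlist.
        networks.append(ipaddress.ip_network(entry, strict=True))
    return networks


def is_trusted(client_ip, networks):
    """Return True if client_ip falls inside any configured entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in networks)


def audit(networks, min_prefix_v4=16, min_prefix_v6=48):
    """Return entries broader than the thresholds (assumed review limits)."""
    too_broad = []
    for net in networks:
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            too_broad.append(str(net))
    return too_broad


if __name__ == "__main__":
    nets = parse_trusted(SAMPLE_VALUE)
    for ip in ("192.168.100.10", "192.168.100.11", "192.168.1.200"):
        print(ip, "trusted" if is_trusted(ip, nets) else "not trusted")
    print("overly broad entries:", audit(nets))
```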

Display Of OTP Destination

If a user enrolls or tests an asynchronous OTP method (SMS / Voice / Email), a new message includes the destination the OTP was sent to. For example: "An email with your one-time password has been sent to me@example.com."

Optimized Login Page

The size of the login page has been reduced. Assets (GIF) for methods are only loaded if the authentication method is enabled.

Resolved Issues

Issues

  • Fixed redirect after successful enrollment of TOTP during the wizard.
  • Fixed error handling of already enrolled devices for CARD:1 method.
  • Fixed re-enrollment of U2F:1 method due to an AA API change.
  • Fixed password remembering on TOTP enrollments.