Hi Pals of Proxy,
PROXY Pro v10.2 Hotfix #3 is now available! This is an important release to upgrade to for those using PROXY Pro RAS and Azure AD for authentication! To ensure a consistent, reliable experience using PROXY Pro’s Azure AD integration, you must upgrade to PROXY Pro Server v10.2 Hotfix #3. Customers can head to www.proxynetworks.com/download to grab the latest software zip file. PROXY Pro RAS customers should download, extract and from within the server components folder, run PROXYProServerProducts.exe to upgrade the server components. PROXY Pro P2P Edition customers are not affected but are still encouraged to upgrade. A few points:
- Google Chrome is introducing changes in how cookies are handled that impact the OpenID Connect authentication used in the server component of the PROXY Pro RAS product. When the change is in effect (expected in Chrome v80 in early February), PROXY’s integration with Azure AD will be affected.
- Initially, Chrome will provide a 2-minute grace period in which authentication will work. If an authentication takes longer than 2 minutes, (e.g. workflows where you’re prompted by AAD to change your password), it will fail. A future version of Chrome will eliminate this grace period, and other browsers are expected to make similar changes in future versions.
- A good discussion of how these cookies are used can be found here: https://web.dev/samesite-cookies-explained/ and also here: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Below are the major changes in this release, pulled from the latest “What’s New?” PDF:
- The PROXY Identity Manager has been updated to be compatible with Google Chrome version 80, which changes the handling of some cookies. This update is required in order to ensure that PROXY integration with Azure Active Directory works correctly; it’s strongly recommended in all cases. Please see the blog post https://web.dev/samesite-cookies-explained/ for more information about this change in Chrome.
- Host and Master installers no longer default to installing the optional “Remote Printing Support” component. If Remote Printing support is desired, this optional component should be selected during an interactive installation of Host or Master or enabled via the MSIEXEC command line option “INSTALLLEVEL=100” (this works the same for both Host and Master installers). Note well this only changes the default for new installations; upgrades will update the Remote Printing component if it was previously installed, or leave it uninstalled if it was not installed.
- Gateway Server issue that could cause the Web Console “Activity” views to be inaccurate is resolved. The issue only occurred if, while the Gateway Server is operating, the SQL Server database becomes unavailable, and then becomes available again. In this case, updates to the “active” objects (connections, Host activity, recording activity, etc.) could have been lost, resulting in “stuck” activity items. Note that these were always cleaned up when Gateway Server restarts, so there’s no persistent errors, but the Activity views were not perfectly reliable when this issue occurred.
Development efforts continue on the next release, PROXY Pro v10.3 and we hope to have that wrapped up next!
Proxy Networks Support Team