
Mideye Server 6 - New Features and Enhancements

Overview

Mideye Server 6 introduces new features, enhancements, and critical bug fixes that improve security, usability, and integration capabilities. This summary highlights the key updates.

New Features

Assisted Password Reset (6.2.8)

  • Web Portal for Password Reset: Enables users to reset their passwords via a web portal using the Assisted Login mechanism, requiring approval from an authorized approver through the Mideye+ app.
  • Magic Link Mechanism: Allows users to authenticate using magic links sent via SMS, supporting RADIUS clients without challenge-response capabilities.
  • Magic Link API: Provides a REST API alternative for authentication using user phone numbers and optional parameters.
  • Enhanced Magic Link Configuration: Supports multiple endpoints and detailed logging for magic link events.

Hybrid LDAP Accounts (6.1.4)

  • Account Duplication: Enables duplication of LDAP user accounts in the Mideye Server database, allowing assignment of user parameters directly within Mideye.

TOTP and HOTP Token Support (6.0.2)

  • On-Premise TOTP Tokens: Supports both software and hardware TOTP tokens with seeds stored locally, allowing token validation without central service dependency.
  • HOTP Hardware Tokens: Adds support for HOTP tokens with on-premise seeds and automatic re-synchronization via RADIUS.
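
What counter re-synchronization means for an HOTP token with a locally stored seed, shown as an added example (not Mideye code): it uses the standard RFC 4226 look-ahead window, which is a general technique and an assumption about the approach, not a description of Mideye's implementation. The class name, the window size, and the seed (the RFC 4226 test value) are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpToken:
    """Server-side record for one hardware token (hypothetical structure)."""

    def __init__(self, seed: bytes, counter: int = 0, window: int = 2):
        self.seed = seed
        self.counter = counter  # next counter value the server expects
        self.window = window    # look-ahead steps tolerated (assumed value)

    def verify(self, otp: str) -> bool:
        # Check the expected counter and a bounded number of values ahead of it.
        # Counters behind the stored value are never checked, so a used or
        # skipped code cannot be replayed.
        for step in range(self.window + 1):
            candidate = hotp(self.seed, self.counter + step)
            if hmac.compare_digest(candidate.encode(), otp.encode()):
                # Re-synchronize: move past the counter that just matched.
                self.counter += step + 1
                return True
        return False  # no match: the stored counter is left unchanged


def demo():
    token = HotpToken(b"12345678901234567890")  # RFC 4226 test seed
    results = [
        token.verify("755224"),  # counter 0: token and server in sync
        token.verify("969429"),  # counter 3: button pressed offline, resync
        token.verify("287082"),  # counter 1: already skipped, rejected
        token.verify("520489"),  # counter 9: beyond the window, rejected
    ]
    return results, token.counter


if __name__ == "__main__":
    print(demo())
```

A wider window tolerates more offline button presses but gives an attacker more valid codes per guess, so it is normally kept small and paired with attempt limits.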

Enhancements

RADIUS Enhancements

  • IP Subnet Support (6.4.2): Allows specification of RADIUS client and shared secret IPs using CIDR notation (e.g., 192.168.1.0/24).
  • RADIUS Blocking Filter (6.3.1): Enables custom filter rules to block malicious usernames and IPs, preventing log spamming and server overload.
  • Shared Secrets Encryption (6.0.2): Encrypts RADIUS shared secrets in the server database.
  • Comment Field for Shared Secrets (6.2.8): Adds an optional comment field when creating/editing shared secrets.

Assisted Login Improvements

  • Enhanced Logging (6.2.8): Provides more detailed Info-level logs and separate audit logs for Assisted Login events.
  • Configurable Messages: Allows customization of message titles and lead texts in the Assisted Login process.
  • Extended Repository Support: Works with user and approver accounts in various repositories beyond Active Directory, including OpenLDAP.
  • Magic Link Approval: Approvers can use Magic Links for approvals if they haven't activated Mideye+.

Mideye GUI Enhancements

  • New Web GUI (6.0.2): Introduces a more intuitive menu structure for easier navigation.
  • User Search Enhancements (6.2.8): Adds search parameters based on phone and token numbers.
  • Clone Objects (6.2.8): Allows cloning of existing LDAP profiles and RADIUS clients to streamline object creation.
  • Root Password Reset (6.2.8): Implements a forms-based password utility to avoid character encoding issues.
  • LDAP and Azure AD Status Indicators (6.2.8): Displays connection statuses in Directory Settings and Health Checks.
  • Certificate Management (6.2.8): Enhances certificate presentation and supports CSR generation with existing keys.

Security Enhancements

  • Configuration File Access (6.2.8): Limits read access to application-prod.yml to server administrators.
  • API Authorization (6.2.8): Aligns authorization controls between server API and web GUI, blocking unauthorized access to sensitive endpoints.
  • SSL and Encryption (6.1.4 & 6.0.2): Disables weak SSL ciphers and encrypts shared secrets; fixes the Java cryptographic bug CVE-2022-21449.

Integration and Monitoring

  • Service Monitoring (6.2.8): Sends hourly status messages to Mideye Switch with server and service information.
  • Log Management (6.2.8): Allows downloading of server logs via the web GUI and includes host names in authentication logs for better troubleshooting.

Security Improvements

  • MS-CHAPv2 Fixes (6.4.3 & 6.4.4): Resolves issues causing MS-CHAPv2 to fail after Microsoft KB5040437 update.
  • Password Hash Protection (6.2.8): Prevents GUI Operators and Administrators from accessing password hashes via the server API.
  • Server Info Protection (6.2.8): Blocks non-authenticated users from accessing server information like release version and OS details.

Bug Fixes

  • Web GUI Stability (6.4.4, 6.4.3, 6.4.2): Addresses errors in Authentication and Audit Logs, and resolves issues with MS-CHAPv2.
  • Assisted Login Reliability (6.2.8): Fixes persistent sort order, account deletion issues, and enables Assisted Login with MS-CHAPv2.
  • Magic Link Improvements (6.2.8): Fixes truncated SMS texts and enhances logging for Magic Link events.
  • General Stability: Numerous bug fixes across versions improve overall server reliability and user experience.

Technical Enhancements

  • Java Upgrade (6.0.2): Upgrades bundled Java platform from Java 8 to Java 17 and Spring Boot to 2.6.6.
  • Encryption and Security: Enhances encryption protocols and security measures to protect sensitive data and communication.
  • Enhanced Redundancy (6.1.4): Improves failover logic to ensure server continuity during switch failures.