23.3 enhancements and patches
Version | SaaS | On premises | Fixed issues | Updates and enhancements |
|---|---|---|---|---|
23.3.01 | ✅️ | None | None | |
23.3.00 | ✅️ |
For a list of recent updates and enhancements across multiple versions, see Release-notes-and-notices.
BMC applies upgrades as described in the BMC Helix Upgrade policy. BMC applies upgrades and patches during Maintenance windows.
(On premises only) Downloading and installing the patch
Downloading from EPD | |
|---|---|
Patch installation |
23.3.02
Automatic logout after inactivity for the configured time period
BMC Helix SSO supports the automatic logout of users from all applications after inactivity for a configured time period.
This option is now available for deployments where applications are protected by the BMC Helix SSO agent which communicates with the BMC Helix SSO server using the legacy flow.
For more information about configuring the logout timeout period, see Enabling-idle-timeout-for-integrated-BMC-applications.
Customize logout request templates for a smooth single logout process
For SAML based authentication requests, you can customize the configuration values defined for the logout requests. Edit the Logout Request template for any changes required to the logout request configuration.
You can edit the default template or define a custom template. The default template is applicable to all Realms in the Tenant, and the custom template is applicable only to the specific Realm.
For more information about editing a logout request template, see Importing-configuration-from-an-identity-provider-and-configuring-SAML.
Enable liveness checks for Auth Proxy container
Enable and use the new endpoint to verify the status of the Auth Proxy container. The liveness health probe returns the HTTP OK (code 200) response if AuthProxy is up and running
Update the Auth Proxy configuration to enable the endpoint to verify the status of the Auth Proxy container so that the BMC Helix SSO server can route requests through a working Auth Proxy server.
Enhanced security for communication between BMC Helix SSO agents and BMC Helix SSO server
The BMC Helix SSO server and agent require a consumer key to communicate securely. You can generate multiple consumer keys so that the default consumer key is no longer used for multiple BMC Helix SSO agents communicating with the same BMC Helix SSO server.
This ensures that access to BMC Helix SSO server configuration information is available only to that BMC Helix SSO agent.
For more information about generating additional consumer keys, see Generating-consumer-keys-for-communication-between-the-BMC-Helix-SSO-agent-and-server.
23.3
Provide access to the BMC Helix SSO via UI or Rest API based on access groups for administrators
Configure BMC Helix SSO UI and Rest API admin access based on LDAP groups created for the role.
This configuration ensures that only administrators have access to the BMC Helix SSO Admin Console via the UI or Rest API based on the LDAP groups to which they belong. Service Account users are not allowed to access the BMC Helix SSO Admin Console.
For more information about configuring access, see Configuring-authentication-for-BMC-Helix-SSO-administrators.
View details for login resource in audit records
BMC Helix SSO administrators can view the resource of the login activities to troubleshoot BMC Helix SSO configuration issues.
For more information about viewing the audit records, see Reviewing-audit-records.
Follow on-screen instructions for password requirements
While updating or changing passwords, users can follow on-screen instructions to comply with the minimum requirements for a password. The instructions are displayed on any screen where a password can be updated or changed.