Summary

Laserfiche Directory Server 10.2 adds flexibility options to the security token service. This topic highlights the major changes.

Hosting the Security Token Service On a Separate Server

You can now install instances of the security token service(STS) separate from the Directory Server service itself. This allows installing an instance of the STS in the DMZ to support authentication while keeping Directory Server itself within the internal network.

Active Directory Federation Services (AD FS)

Directory Server now supports Active Directory Federation Services (AD FS) for user sign-in. When configuring an Active Directory identity provider, you can add AD FS configuration information. Directory users registered from this identity provider will see the option to sign in with AD FS on the Directory Server sign-in page.

Additional Changes and Fixes

• The Security Token Service Configuration page now includes an Always use Windows authentication option. When the option is selected, the STS will always attempt to authenticate a user with their current Windows session without the user having to manually click the "Sign in with Windows Authentication" option on the sign-in page. (146632)
• You can now configure security and email settings on the (Root) organization.
• The Directory Server Web Administration Console now displays the Community User and Employee Participant license types.
• There are now account lockout options for failed sign-ins.
• Email server profiles and email templates have additional security settings.
• 1013748 In certain situations, Directory Server could prevent users from signing in with Windows authentication. Users would receive a "The user account or password is incorrect. [9010]" error message when signing in through Windows authentication. (138520)

More Information

1013877 Release Notes for Laserfiche Directory Server 10.2.