2.0.5 Release Notes

March 30, 2021

Features

  • When you are signing into Secret Server through WPF, a token is automatically generated for you. A window opens briefly showing the Generate Token button being pushed automatically, then the window closes.
  • When you are logged into both Secret Server and Web Password Filler and you then log out of Secret Server, you are now automatically logged out of Web Password Filler.
  • When you are logged into Secret Server and you click on a URL where you have a Secret configured, you will now be automatically logged into WPF, have a token generated for you, and have your credentials populated into the sign-in fields for the website.
  • You can now specify the position for your pop-up Secrets list to appear: in the upper right corner of your window (default) or just below the username field, using the Native Messaging Host configuration file.
  • When you are connected to WPF and you close your browser window without logging out, you will remain connected to WPF when you re-open your browser. You will still be logged into WPF for the duration of your web session timeout specified in Secret Server. In enable this feature, you must use the Native Messaging Host configuration file.
  • When you are recording a session in an incognito window and the session recording ends due to a recording timeout limit (default 2 hours), WPF will close only those tabs where the session recording ended due to a timeout limit.
  • Users and administrators can now extend the default recording time of two hours for a session to a maximum of eight hours, using the Native Messaging Host configuration file.
  • You can now choose to have WPF require exact URL matches. If you choose this setting and the URL you browse to is not an exact match for the URL stored in the Secret, WPF will not display the Delinea checkmark logo and will not automatically populate your credentials into the website's username/password fields. See Native Messaging Host.
  • In Safari, WPF now prompts the user with a message when using a secret that requires check out.
  • When WPF encounters errors in the Native Messaging Host JSON file, it now logs those errors in the native-messaging.log file.
  • You can now manually refresh your list of available Secrets by right-clicking the Delinea checkmark logo in a credentials field, clicking Secret Server Web Password Filler, and clicking Refresh Secrets. See Native Messaging Host.

Bug Fixes

  • Resolved an issue of WPF automatically populating values on some websites even when auto populate was deselected.
  • For security reasons when you log out of Secret Server, you will be logged out of WPF as well, even if you were logged in as two different users. This is expected behavior.
  • Resolved an issue of WPF not adding some alphabet characters to fields when adding a Secret using “Add Account to Secret Server.”
  • Resolved an issue of WPF generating an error related to Secrets with Checkout enabled.
  • Resolved an issue of WPF generating a 400 Error when launching Secrets from Secret Server via WPF.
  • Resolved an issue of WPF not detecting Secret Server login when using Duo MFA.
  • Resolved an issue of WPF opening an extra blank tab when launching a webpage in Incognito mode.
  • Resolved an issue of WPF filling the username field on the Microsoft authentication TOTP page.
  • Resolved an issue of the Login button being grayed out when the WPF launcher populates credentials or launches a Secret.
  • Resolved an issue of WPF being unable to find username controls on the Oracle WebLogic Console login page.
  • Added logic to retry and stop when pages became unresponsive attempting to overwrite WPF changes to the background image.
  • Resolved an issue of WPF prompting the user to enter credentials on a new page after they have already logged into that website.
  • Resolved an issue with service now incident time logs page being auto filled by secret credentials
  • Resolved an issue in the Safari browser after the user clicks “Show All,” of WPF displaying only the window in focus while leaving the non-focused windows in the background.
  • Resolved an issue in the Safari browser of WPF not closing the About popup window.
  • Resolved an issue in the Safari browser of WPF not correctly identifying a username field named “usr.”

  • Resolved issues of WPF filling undesired form fields on multiple websites, including the following:

    • IBM Storewize V7000
    • Imperva Securesphere Management
    • Kaseya VSA, Daffron Customer Information Systems
    • Oracle netsuite and slm.saas.services
    • Various sites reported by IH Mississippi Valley Credit Union
    • Various internally-developed Web apps
    • http://isupportsvr1/rep
    • http://premieragent.zillow.com/crm/agentlogin
    • https://cmpame.cmpa.org
    • https://comp.makonetworks.com
    • https://hqprrsa02.cmpa.org:7004/console-ims
    • https://nystateofhealth.ny.gov/
    • https://prtg.centergrid.com/
    • https://secure.trust-provider.com/
    • www.logicmonitor.com

Known Issues/Limitations

  • If session recording is ON and you make changes to the extensions settings via managed extensions, the recording may take a few minutes to stop. This is because when changes are made to the extension, the WPF connection is broken and has to be reestablished.
  • If you are attempting to log into WPF using the Firefox browser and you do not have a valid and active license for Secret Server, the generate token page refreshes repeatedly. In chrome and chromium the page appears just once.

Answers to FAQs

  • On macOS Big Sur 11.0.1 and 11.2.0, some WPF tabs can appear distorted. To correct this issue, please upgrade your macOS OS to the newest version.
  • WPF now supports Safari running on the following macOS versions: Catalina, Mojave, Big Sur 11.1.0, 11.2.1 and later.
  • Live Session Monitoring is not supported for sessions recorded by WPF.
  • The Diagnostic button is visible when you are on a website. It is not visible when you open a blank tab or a new window.
  • If you are logged into Secret Server and WPF as the same user or as different users, when you log out of Secret Server you will be logged out of WPF also. This is expected behavior because, for security reasons all cookies are cleared for the instance when you log out of Secret Server.
  • accounts.booking.com, login.booking.com, trips.booking.com are all the same "site" and do not violate cross scripting rules so everything that is accessed in one, can be accessed in another. They share a token / login. When a session ends, all associated sites / pages / tabs are closed and cookies are deleted for security reasons to prevent accidental capture. Using the incognito window eliminates this issue by allowing you to have an independent recording session for accounts.booking.com and another for login.booking.com.