SafeNet Agent for Microsoft IIS Release Notes
SafeNet Agent for Microsoft IIS is designed for Terminal Services Web (TS Web), but can also be used for IIS websites and resources where the authentication method is configured to use the Microsoft authentication. The agent ensures web-based resources are accessible only to authorized users, whether working remotely or behind a firewall, by prompting for additional credentials during logon.
By default, logon to the TS Web requires that the user provide a correct user name and password. SafeNet Agent for Microsoft IIS augments this logon mechanism with strong authentication by adding a requirement to provide a One-Time Password (OTP) generated by a Thales authenticator.
For additional information about features and system requirements, refer to SafeNet Agent for Microsoft IIS.
For a list of existing issues, refer to Known issues.
Release Information
12/2025
This general availability release of SafeNet Agent for Microsoft IIS version 2.2.0 introduces the following features and resolves the issue listed below:
-
Windows authentication support: Windows Authentication (IIS Windows Authentication mode) is now supported by the IIS Agent when operating in Classic Mode with SAS PCE, enabling the agent to use native IIS Windows Authentication. When the agent is running in Next Gen Mode with STA, it continues to operate exclusively with anonymous authentication.
-
Support for Windows Server 2025: The agent has been updated to support Windows Server 2025.
Resolved issue
| Issue | Synopsis |
|---|---|
| SASNOI-23123 | OTP now triggers only after successful AD credential validation. |
05/2025
This general availability release of SafeNet Agent for Microsoft IIS version 2.1.0 introduces the following features and resolves the issue listed below:
-
ASP.NET-based applications support: The agent supports ASP.NET-based applications such as SharePoint and CyberArk, enabling seamless integration for the web apps built on the ASP.NET framework. This enhancement ensures better performance, scalability, and ease of use for ASP.NET-based application architectures.
-
Removed support for agent migration: Agent migration for version 2.1.0 and above is no longer supported.
Resolved issue
| Issue | Synopsis |
|---|---|
| SASNOI-20480 | Users can now access the SharePoint and CyberArk applications when the IIS agent is enabled. |
07/2024
This general availability release of SafeNet Agent for Microsoft IIS version 2.0.3 introduces the following features:
-
Thales branding: The SafeNet Agent for Microsoft IIS has been redesigned with the Thales branding.
-
Security fix: This release introduces a security fix for the most secure version of SafeNet Agent for Microsoft IIS. For more details, please refer the security bulletin (ref: 20240726).
05/2024
This general availability release of SafeNet Agent for Microsoft IIS version 2.0.1 introduces the following features:
-
FIPS support:
- The FIPS mode within the operating system with AES-GCM and RSA key standards.
- The FIPS mode for decrypting the agent’s BSID key.
-
Upgrade support: Supports the upgrade from 2.0.0. To upgrade, run the installation wizard and select appropriate options when prompted.
Note
You must update the new agent configuration file using the management console, after it is downloaded. After the upgrade is complete, the IIS server restarts. The upgrade should be performed during non-peak hours to avoid disruption of services.
07/2019
This general availability release of SafeNet Agent for Microsoft IIS version 2.0.0 introduces the following feature and resolves the issue listed below:
- Enhanced Security: The AES-GCM encryption algorithm is now used to provide a faster and more secure way to protect data exchange between the SafeNet Agent for Microsoft IIS and the SAS solution. Enabled by enhanced security, the agent delivers a more robust, and dependable authentication experience. A more secure key standard, like AES-GCM, can also help you comply with your organization's security policy requirements. This feature is supported on SAS Cloud and SAS PCE/SPE v3.9.1 onwards.
Note
To use the AES-GCM key standard, the administrator must download a new Agent.bsidkey file from SAS and update the same (in the agent) at Configuration Management > Communications > Agent Encryption Key File.
Resolved issue
| Issue | Synopsis |
|---|---|
| SASNOI-9886 | Time stamp format of the secured URL has been updated to be more generic. |
06/2018
This general availability release of SafeNet Agent for Microsoft IIS version 1.1.0 introduces the following features and resolves the issues listed below:
-
Security Enhancements: Several security issues have been resolved, including hardening of the directory permissions level.
-
Support for Transport Layer Security (TLS) 1.1/1.2: Supports TLS 1.1 and 1.2 protocols.
-
Extended Operating System Support: Users will be able to seamlessly install, configure, and execute the agent in a Windows Server 2016 (64-bit) operating system environment. In addition, the Windows Server 2008 operating system is no longer supported.
Resolved issues
| Issue | Synopsis |
|---|---|
| SASNOI-7974 | Secured the vulnerability that made the agent susceptible to cross-site scripting attacks. |
| SASNOI-7418 | AD password is now removed from the logs files of the agent. |
| SASNOI-7351 | The agent now authenticates IIS web resources successfully with Mozilla Firefox version 57 browser. |
01/2016
This general availability release of SafeNet Agent for Microsoft IIS version 1.06 introduces security enhancements and resolves the issue listed below.
| Issue | Synopsis |
|---|---|
| SASIL-1944 | A user without privileges no longer has access to the SafeNet Agent for Microsoft IIS installation directory following installation by the domain administrator. |
Upgrade limitations
Upgrade from earlier versions of the SafeNet Agent for Microsoft IIS to version 2.0.0 is not supported.
Known issues
This table provides a list of known issues as of the latest release.
| Issue | Synopsis |
|---|---|
| SASNOI-21966 | Summary: After authentication, when accessing the protected application, the Thales favicon appears instead of the application's favicon Workaround: Replace the default Thales icon with the customized |
| SASNOI-4089 | Summary: There is no documented procedure for customizing the SafeNet Agent for Microsoft IIS user interface. Workaround: None. This will be resolved in a future release. |
| SASNOI-22168 | Summary: While authenticating with the GrIDsure token, users need to re-enter the Grid OTP. Workaround: None. This is an intermittent issue and will be fixed in a future release. |
| SASNOI-21953 SASNOI-22013 |
Summary: Logging issue. While accessing a protected site of SharePoint, the log files are not created at the default log location for the application. Workaround: None. It will be resolved in a future release. |
