What’s New

ISL AlwaysOn 4.4.2332.78 provides a bug fix.

Fixed issue with “Stream in best quality” selection

User experienced an issue with reduced desktop sharing performance when connected to an ISL AlwaysOn machine and having the option to stream in best quality. The issue was that the streaming side chose to stream in “Full Quality (ZRLE codec)” instead of using the “Quality Optimized (ISSC codec)”.

When direct connection functionality was introduced this issue also became apparent. There are two special channels -1 and -2 which are used for program initialization, status and reliability messages. The special channels should have priority when sent over the network, however due to an issue they were not prioritized.

When desktop streaming is initialized it sends its init messages to remove side on channel -1 and when remote side received init messages it starts desktop streaming on desktop channel. This caused an issue because desktop stream was sent to other side before all desktop init messages were received, causing to start streaming with incorrectly selected codec.

The issue was fixed.

ISL Light > Computers > Connect to Computer > Connect Options

ISL AlwaysOn 4.4.2332.75 provides new features and bug fixes.

New Features

Hefa watchdog functionality updates

• Main Thread ID Switch: The new functionality now allows the main thread ID to be switched to the ID of the current thread. This adjustment is crucial for correctly associating the main thread when watchdog crash dumps are generated.
• Timing Adjustment for Main Thread Checks: The initial check of the main thread was previously set to occur after 60 seconds. This has been corrected to happen after 90 seconds.
• Timeout Extensions: Both the scheduler and watchdog timeouts have been extended from 90 seconds to 120 seconds. This increase aims to provide more leeway in processing before a timeout condition is triggered.
• Default Timeouts Update: Similarly, the default timeout settings have been increased from 90 seconds to 120 seconds, enhancing the system’s tolerance to longer task durations before flagging an error.

These changes are designed to improve the robustness and reliability of the watchdog mechanism in handling process monitoring and error detection.

Switch watchdog main thread on Windows

New version of ISL AlwaysOn features the following watchdog functionallity changes:

• Updated watchdog functionality to include longer timeouts.
• Watchdog crashes occurring in services are now categorized as service crashes instead of GUI crashes.
• Added a new parameter, sys:1, to crash reports. This parameter indicates that ISL AlwaysOn was launched under a system account and is running as an application, not as a service.

Bug Fixes

Crash when a grid is removed in registry with granted connection on

If users accidentally delete the registry key that ISL AlwaysOn relies on (specifically the grid key), the application will no longer crash when attempting to connect to the server. We’ve implemented a new check for the presence of this key. Now, if the key is missing, the application will simply ignore its absence and continue to operate without crashing. This update ensures better stability in cases where the registry configuration might be altered or corrupted.

Move tray handler to separate threadpool

In the previous version of ISL AlwaysOn, the tray handling operated on the main thread. This could occasionally lead to memory corruption when the service was terminated. To address this issue, the tray handling process has been restructured to operate within a separate thread pool.

Deadlock in main app on Windows

The ISL AlwaysOn watchdog experienced crashes under specific conditions when the main thread was blocked waiting for a resource. This issue also prevented the ISL AlwaysOn service from being terminated as expected. The service’s waiting loop has been restructured to avoid using locks, allowing the service to be stopped as needed.

ISL AlwaysOn 4.4.2332.70 provides new features and bug fixes.

New Features

Improvements for optimizing client connections in single address GRIDs

Several changes were implemented to optimize client connections in single address GRIDs where client DNS servers do not properly transfer the client’s IP address to ICP:

• The “Check-Address: 1” header will be sent to ICP during geo-reconnect to notify ICP that geo-reconnect with the server address in “Address-Reconnect” is supported.
• The “Service-Reconnect: 1” header will be sent to ICP during service reconnect to notify ICP that service reconnect with geo-reconnect is supported.
• The “Address-Reconnect” response header will be handled as the new server address in the reconnect.
• Service reconnect and geo-reconnect are now combined into the same event and executed simultaneously: Update the service address in the configuration, then reconnect to the new server address.

Improvements for Direct connection

The direct connection setup in ISL Light has been optimized for better performance. Changes include reducing the MTU size from 1400 bytes to 1200 bytes and increasing the connection timeout from 20 to 35 seconds.

Additionally, the system now automatically disables direct connections if the network startup detects oversized packets. Logs have been enhanced to indicate when direct connections are disabled or fail to gather the external address. Metrics have also been updated to detect issues during direct connection establishment.

Close email notification windows when no longer relevant

The notification dialog in ISL AlwaysOn, shown on the computer when an operator initiates a session while the setting to require email authorization is enabled in ISL AlwaysOn, previously failed to close when it was no longer relevant. This resulted in the dialog persisting even after the user had already granted the connection. Now, enhancements have been made to ensure the dialog closes appropriately. Specifically, it now closes under the following conditions:

• When the connection is denied by the operator.The “Service-Reconnect: 1” header will be sent to ICP during service reconnect to notify ICP that service reconnect with geo-reconnect is supported.
• If the connection is denied via email authorization.
• When the connection is granted via email authorization.
• When the authorization timeout occurs.

Switch to common crash framework

The latest update of ISL AlwaysOn incorporates unified crash functions to generate various types of crashes. Furthermore, the application now offers support for crashing via command line argument:

–isl-crash-test

Bug Fixes

Fix wrong RAM info on windows

In specific scenarios, the RAM utilization and size was displayed inaccurately within the system information window when connected to a remote Windows ISL AlwaysOn computer. We’ve revamped the process for verifying RAM size and usage, ensuring that accurate values are now displayed.

Fix crash when there is a change in ISL AlwaysOn computer status

If the ISL AlwaysOn system experienced a delay of 2 seconds in updating the computer status, it could lead to application crashes. To address this issue, the process for updating computer status has been redesigned. The application has been modified to handle delays in execution, ensuring that it no longer crashes under such circumstances.

Install sys deps during installation on Linux

In certain scenarios, when setting up ISL AlwaysOn on a Linux system, users may encounter missing libraries necessary for installation. To address this, we’ve introduced a new command line argument: install_missing. By including this argument during ISL AlwaysOn installation, users prompt the installer to automatically identify and install any missing libraries. If this argument is omitted, the installation process will fail and notify the user about the specific missing library.

Crash report is not sent to ISL Conference Proxy on Linux

The crash reporting functionality of ISL AlwaysOn on Linux failed to send reports to ISL Conference Proxy. The root cause was the absence of the StaticConfiguration.ini file, which provides crucial connection address information to the crash reporting system. To address this issue, the StaticConfiguration.ini file is now included in the installation process of ISL AlwaysOn. Consequently, crash reports are successfully transmitted to ISL Conference Proxy as intended.

Fix crash in cim reading on Windows

In certain instances, the ISL AlwaysOn process crashed while querying system information to construct the constant UID. We’ve redesigned the handling of these queries, ensuring that the application no longer experiences crashes.

Fix potential crash when invoking user action

In certain scenarios, the ISL AlwaysOn application experienced crashes when users clicked on the “Add access” menu item, as well as when deleting connections while the menu item was open. We have redesigned the handling of both cases to prevent application crashes.

Fix a crash in ICE direct connection when calling stop function

In certain instances, there were occurrences of ISL AlwaysOn crashing on Linux when ending sessions. This was attributed to a flaw in managing the conclusion of direct connections. We have since redesigned this aspect, thereby resolving the underlying cause of the crashes. Users should no longer encounter this issue.

Other fixes & improvements

Security updates, missing translations, bug fixes and other improvements.

ISL Light Client 4.4.2332.44 for Windows provides new features and some bug fixes.

New Features

Improvements for optimizing client connections in single address GRIDs

Several changes were implemented to optimize client connections in single address GRIDs where client DNS servers do not properly transfer the client’s IP address to ICP:

• The “Check-Address: 1” header will be sent to ICP during geo-reconnect to notify ICP that geo-reconnect with the server address in “Address-Reconnect” is supported.
• The “Service-Reconnect: 1” header will be sent to ICP during service reconnect to notify ICP that service reconnect with geo-reconnect is supported.
• The “Address-Reconnect” response header will be handled as the new server address in the reconnect.
• Service reconnect and geo-reconnect are now combined into the same event and executed simultaneously: Update the service address in the configuration, then reconnect to the new server address.

Improvements for Direct connection

The direct connection setup in ISL Light has been optimized for better performance. Changes include reducing the MTU size from 1400 bytes to 1200 bytes and increasing the connection timeout from 20 to 35 seconds.

Additionally, the system now automatically disables direct connections if the network startup detects oversized packets. Logs have been enhanced to indicate when direct connections are disabled or fail to gather the external address. Metrics have also been updated to detect issues during direct connection establishment.

Bug Fixes

Fix wrong RAM info on Windows

Checking the system information window when connected to ISL Light Client on Windows would, in certain cases, show the incorrect values for RAM usage and RAM size. The checking of RAM size and usage was redesigned, and the correct values should now be displayed.

Direct connection setting text is split into multiline in certain languages

In some languages, the “Enable direct connection” setting was divided into multiple lines, causing text truncation as it only anticipated single-line input. We’ve revamped the setting, ensuring it now displays correctly even in languages that have multiple lines of text.

Other fixes & improvements

Security updates and missing translations.

ISL Light 4.4.2332.117 for Desktop and ISL Light Client 4.4.2332.16 for Linux and macOS provide new features and some bug fixes.

New Features

Redesgined login window

The login window of the ISL Light application has been redesigned. Additionally, support for “Sign in to an organization” (Single Sign-on) has been added, which is displayed if the server supports this type of login functionality.

ISL Light > Login window

Improvements for Direct connection

The direct connection setup in ISL Light has been optimized for better performance. Changes include reducing the MTU size from 1400 bytes to 1200 bytes and increasing the connection timeout from 20 to 35 seconds.

Additionally, the system now automatically disables direct connections if the network startup detects oversized packets. Logs have been enhanced to indicate when direct connections are disabled or fail to gather the external address. Metrics have also been updated to detect issues during direct connection establishment.

Improvements for optimizing client connections in single address GRIDs

Several changes were implemented to optimize client connections in single address GRIDs where client DNS servers do not properly transfer the client’s IP address to ICP:

• The “Check-Address: 1” header will be sent to ICP during geo-reconnect to notify ICP that geo-reconnect with the server address in “Address-Reconnect” is supported.
• The “Service-Reconnect: 1” header will be sent to ICP during service reconnect to notify ICP that service reconnect with geo-reconnect is supported.
• The “Address-Reconnect” response header will be handled as the new server address in the reconnect
• Service reconnect and geo-reconnect are now combined into the same event and executed simultaneously: Update the service address in the configuration, then reconnect to the new server address.
• Addition of Subject Field in “SET Unattended Access”

The unattended access modal has been redesigned to align with the web modal interface. A subject field has been added to allow for custom email subjects, and labels and placeholders have been integrated into the interface for improved usability.

ISL Light > Computers > Set Unattended Access dialog

Bug Fixes

Fix keyboard navigation in modals, dashboard and login view

The predictability and logic of keyboard navigation cycling were inconsistent in certain scenarios. Consequently, improvements have been made to keyboard navigation (utilizing the ‘Tab’ key) in login, dashboards, and modals.

IP Address incomplete on linux

Users encountered an issue where certain IP addresses were incompletely displayed in ISL Light on Linux. The display of IP addresses has been redesigned to consistently show the complete IP address. The defect was fixed.

Other fixes & improvements

Security updates, missing translations, bug fixes and other improvements.

ISL Light 4.4.2332.100 for Desktop and ISL Light Client 4.4.2332.30 for Linux and macOS provide new features and some bug fixes.

New Features

Enhanced speed: Direct Connection feature

Introducing the “Direct Connection” feature, a significant enhancement to our remote desktop platform in ISL Light.

Direct connections are known for their speed advantages compared to routed connections. ISL Online now automatically chooses the most effective connection technique, either by establishing a session tunnel directly between the local and remote computer or via a routed connection.

Important: To utilize the direct connection feature, it’s essential that the remote side also uses the latest versions of ISL Light, ISL Light Client, or ISL AlwaysOn. For remote support initiated via the website (code, link, or email invitation), the latest ISL Light Client is automatically downloaded on the client side. However, if customers previously downloaded and saved ISL Light Client to their computer, please ensure that the client obtains the latest version. For remote access, ensure that all remote computers are upgraded to the latest version of ISL AlwaysOn (4.4.2332.54). Please refer to the Bulk Action manual to update ISL AlwaysOn on multiple computers with one click.

Once a direct connection is established, it will be indicated in the status bar for user visibility.

ISL Light > In Session > Status Bar > “Direct Connection”

Upon session establishment, ISL Light conducts ICE (Interactive Connectivity Establishment) candidate checks.

ICE (Interactive Connectivity Establishment) candidates are potential network addresses that a device can use to establish a communication channel with another device. ICE candidates include various types of addresses, and their purpose is to help devices discover the most suitable path for communication, especially when dealing with Network Address Translation (NAT) and firewalls. The original connection to the ISL Conference Proxy (using MUX transport) remains necessary for sending metadata, while the actual data is offloaded to the direct connection if available.

During the ICE process, devices exchange their lists of candidates, and connectivity checks are performed to determine the optimal path for communication. The negotiation and selection of candidates are part of the ICE protocol, allowing devices to adapt to different network environments and establish a reliable communication channel. ISL Light assesses the quality of MUX (Multiplexing) transport versus ICE transport. This evaluation considers factors such as ping time, with quality determined based on the latency in communication. The system selects the connection with the lower ping time to ensure optimal performance.

The main types of ICE candidates are:

• Host candidates
• Server-reflexive candidates
• Relay candidates

Host candidates

These are the local IP addresses of the device itself. Host candidates represent the device’s actual network interfaces and are used for direct connection when both devices are on the same local network.

Direct Connection diagram via Host candidates in Local Area Network (LAN)

For the host candidate, the connection initiates (blue line) within the Local Area Network (LAN), originating from the operator’s computer. It traverses NAT to reach the ISL Conference Proxy (ICP). Similarly, the client’s connection follows a comparable route. From there, the connection proceeds (red line) from the operator’s computer, passing through NAT to a STUN server, with the same process occurring from the client’s end. Following this route, the direct connection session (green line) is established between the operator and client computers.

Server-reflexive candidates

Server-reflexive candidates are acquired through STUN (Session Traversal Utilities for NATs) servers. STUN servers reflect UDP (User Datagram Protocol) packets back to the device, allowing it to discover its external address and port visible to the internet. This helps in establishing communication with devices outside the local network, overcoming NAT (Network Address Translation) barriers.

Direct Connection diagram via Server-reflexive candidates (STUN Server(s))

Relay candidates

Relayed candidates are obtained through a TURN (Traversal Using Relays around NAT) server. In cases where direct communication is not possible due to restrictive firewalls or symmetric NAT, devices can use a relay server to relay their data through a third-party server. TURN candidates help in establishing communication when other methods fail.

Direct Connection diagram via Relay candidates (TURN Server(s))

For Relay candidates, the connection starts (blue line) with the operator’s computer passing through NAT, then to the ISL Conference Proxy (ICP). Likewise, the client’s connection follows a comparable route. From there, the connection proceeds (red line) from the operator’s computer, passing through NAT to a STUN server. The same process occurs from the client’s end.

The key difference from server-reflexive candidates is that the direct connection (green line) is established via a TURN server between the operator and client.

Standard Connection

Without direct connection enabled in ISL Light, the connection pathway follows a standard route from the operator’s computer to the network address translation (NAT) point, then to ISL Conference Proxy (ICP). Likewise, the client’s connection follows a comparable route. This route relies on ISL Online’s network of servers for relaying the data stream between the operator and client computers.

Standard Connection diagram via ICP Server(s)

Enabling ISSC Daemon on Windows

ISL Online programs (ISL Light, ISL AlwaysOn, …) utilize the ISSC Daemon framework to efficiently manage processes across different sessions, supported by a consistent API across desktop platforms. However, the initial version of ISSC Daemon faced some issues, such as missing callback functions.

With the new version of ISSC Daemon, we addressed these issues and provided a unified implementation across platforms. This update allows us to utilize the ISSC Daemon infrastructure in ISL Light, ensuring consistency across all platforms. Previously, ISL Light had separate implementations for Mac, Windows, and Linux.

Computer History

We’ve introduced a new Computer History functionality in ISL Light, providing users a view of the activity of selected computer. To access this feature, navigate to the “Computers” tab, click on the hamburger icon of the desired computer, and select “Computer History”.

Upon triggering the search, sessions will populate the table along with relevant session information. Clicking the “More” button grants users access to the chat transcript and basic session information of each session.

ISL Light > Computers > Computer History

File Transfer dialog

In ISL Light, when transferring files from the operator side to the client side, a confirmation dialog was previously missing for remote users. We have implemented a file transfer confirmation dialog, ensuring consistent user experience across all platforms. Now, remote users will receive a prompt to confirm file transfers, enhancing security and user control during the transfer process.

ISL Light > Sessions > Send File > File Transfer dialog

Add “Keyboard is/is not captured” feedback to status bar

Feedback for the keyboard being captured was added to the main window while viewing the remote desktop. This can be seen on the bottom right in the status bar.

The “Right Ctrl” button can be used to switch focus between whether the “Keyboard is/is not captured”.

ISL Light > In Session > Status Bar > “Keyboard is/is not captured (Right Ctrl)”

Upgrade QT to 5.15.11

QT version was upgraded to 5.15.11 in ISL Light application.

Bug Fixes

Screen resolution issues

Previously, in certain cases when connected to a remote ISL AlwaysOn computer, the remote resolution menu was disabled. We redesigned the condition for showing the menu entry, ensuring that the remote resolution menu is now correctly displayed. Additionally, when streaming is not present, the menu is also disabled.

Some users experienced crashes when connecting to an ISL AlwaysOn computer and opening the Change Remote Resolution dialog. We redesigned the dialog’s opening mechanism, eliminating application crashes.

The setting for optimizing resolution based on the first local monitor found in ISL Light settings under the Remote Desktop section was not functioning correctly when connecting to a remote computer. The issue stemmed from parsing errors in the monitor data received from the remote side. We redesigned the parsing mechanism, ensuring that remote monitors’ resolutions are automatically changed to match the resolution of the first local monitor.

Display dialog on top when requesting remote desktop control

We’ve addressed an issue where the dialog for requesting remote desktop control could appear behind other windows. To resolve this, we’ve redesigned the display mechanism for the message box. The topmost property, which ensures the message box is positioned in front of all other windows, is now consistently set across all platforms.

Message box text visibility issue on macOS

We have addressed an issue encountered post-Qt upgrade on macOS where the message box text was not visible. Sometimes the button lacked its blue color, and due to the white font colour, the button’s text was unreadable. To resolve this, we have restored its blue colour to improve readability.

Improved accessibility for dashboard computer icons

Previously, some dashboard computer icons were missing accessibility features. These accessibility names are crucial for users who rely on accessibility tools like screen readers such as Windows Narrator. They enable users to effectively understand and interact with the interface. This issue has been addressed and fixed.

Call ringing issue on the client side

We’ve resolved an issue where calls initiated by operators continued to ring on the client side even after the operator ended the call. This inconsistency occurred when the operator stopped calling, but the client’s device continued to ring. Now, when the operator stops calling, the client will no longer ring, ensuring that calls are properly terminated on both ends.

Login error

We’ve resolved an issue where the login procedure could unexpectedly restart even after a previous login was successfully completed. This issue led to error messages appearing on the login screen.

QML warning/error metrics issues

We’ve resolved QML warning/error issues detected by the metrics system. The problems have been addressed, and these warnings/errors should no longer appear, ensuring smoother performance.

Hidden columns in computers tab

We’ve addressed an issue where hidden columns in the computers tab did not persist after logging out and logging back in. Specifically, if users hid the status column in the list of computers, this column reappeared upon logging out and logging back in. To resolve this, we redesigned the hiding of columns functionality. Now, hidden columns remain hidden even after the logout and login procedure.

Other fixes & improvements

Security updates, missing translations, bug fixes and other improvements.

ISL Light Client 4.4.2332.30 for Windows provides new features and some bug fixes.

New Features

Support for Direct Connection

Direct connections are now supported on ISL Light Client and ISL Light Desk for Windows. Direct connections allow connections through ICE servers.

A new command line argument was introduced which can be used to disable the direct connections functionality:

–on-connect “main?direct_connection=false”

Note: To utilize the direct connection feature, it’s essential that the you use also the latest version of ISL Light (4.4.2332.100).

Bug Fixes

Other fixes & improvements

Security updates and missing translations.

ISL AlwaysOn 4.4.2332.54 provides new features and bug fixes.

New Features

Support for Direct Connection

ISL AlwaysOn introduces enhanced support for direct connection, known for its speed advantages.Note: This direct connection feature will become fully accessible upon the release of the upcoming ISL Light desktop app, which will also support direct connection.

ISSC clipboard improvements

Our clipboard implementation in ISSC has been upgraded. We now conduct multiple attempts when reading from and writing to the clipboard. Each attempt will be delayed for 13-20ms with a total of 50 attempts, compared to the previous 50ms delay and N attempts.For performance monitoring, we’ve introduced metrics that track the number of attempts required to open the clipboard, enabling the identification of potential lock loops over time.

Require email authorization for incoming connections

The latest update includes the ability to enable email authorization, requiring approval for incoming connections. Recipients will receive an email, providing them with the option to either approve or deny the connection. This feature adds an extra layer of control and security to your connection processes.

ISL Light > Computers > Connect to Remote Computer > Require email authorization

Configuration Options

• Email Authorization Timeout (seconds): Customizable expiration time for authorization emails (default: 180 seconds).
• Emails: Allow users to provide a list of email addresses for authorization.

ISL AlwaysOn > Settings > Desktop Sharing > Require email authorization for incoming connections

Remove monitor process on Windows

ISL AlwaysOn will no longer initiate the launch of ISL Light Fast, ISL Light Client, and tray processes. Instead, ISL AlwaysOn will utilize the ISSC daemon for these functions. This change enhances security by eliminating a local pipe previously used by the old ISL AlwaysOn Monitor to report the status of initiated processes.

Increase Notification Timeout limit for unattended access

In the latest update of ISL AlwaysOn, the Notification Timeout setting, found in the Desktop Sharing section of the settings, has been extended from 120 seconds to 500 seconds (8 minutes and 20 seconds). This extension allows for a more flexible and accommodating duration for unattended access notifications.

ISL AlwaysOn > Settings > Desktop Sharing > “Show notification of incoming connection > Notification timeout”

Optimized setting text for computer access with local consent

The setting previously labeled “Allow computer access also with local user consent and no access password” in the Desktop Sharing section has been refined and now reads as “Allow computer access without an access password (local user consent required).”

Upgrade QT to 5.15.11

QT version was upgraded to 5.15.11 in ISL AlwaysOn application.

Upgrade mbedtls to 2.28.5

We have upgraded mbedtls to version 2.28.5

Upgrade LibXML2 to 2.9.14 and LibXSLT to 1.1.37

Library LibXML2 was updated to version 2.9.14 and library LibXSLT was updated to version 1.1.37.

Bug Fixes

Improved error handling in Access History

In a recent update to ISL AlwaysOn, an issue related to corrupted entries in the sessions.xml file has been addressed. Previously, users encountering a corrupted sessions.xml file experienced an empty history window without any error messages.

With the recent enhancement, error handling has been improved. If the sessions.xml file is corrupted, users will now be promptly notified with an alert. This alert will also provide information about the specific line in which the corruption was detected, ensuring a more transparent and informative user experience.

Other fixes & improvements

Security updates, missing translations, bug fixes and other improvements.

ISL Conference Proxy 4.4.2335.62 provides new features and bug fixes.

New Features

Single Sign-On/SAML per domain

ISL Conference Proxy now supports Single Sign-On login (SAML) for each domain.

New domain settings are available in the server administration (/conf -> Domain settings -> Security -> Organization). These settings help designate a specific domain as an organization:

• Organization Login Enabled: If set to “Yes”, unique values for both organization name and description are required for all domains. SAML login must also be enabled for the domain.
• Organization Name: Used for case-insensitive input in the field layout and internally for remembered organizations.
• Organization Description: Displayed to users in remembered organization logins, combo box layout, and vertical chooser layout.
• Organization Order Index: An optional setting to reorder organizations in combo box layout or vertical chooser layout in ascending order. An empty value places it first.

Server Administration > User Management > Organizations > Domain (greenbike) > Security

New global settings in server administration (/conf -> Security) include:

• Login Layout: Options are Username & Password (default), Username & Password, Organization, and Organization.
• Organization Login Layout: Options are Name Input Field (default), Description Combo Box, and Description Vertical Chooser.

Server Administration > Configuration > Security

Layout settings determine the user interface shown during logins. If “Login Layout” is set to “Username & Password” (default), organization login is disabled. If set to “Username & Password, Organization”, users can choose to log in with a username and password or an organization. When set to “Organization”, users can only log in using their organization.

ISL Conference Proxy Web Portal > Login > Sign in to organization (example with “Username & Password, Organization”)

When an organization login is selected, the “Organization Login Layout” setting is checked. If set to “Name Input Field” (default), users must manually enter the organization’s name. If set to “Description Combo Box” or “Description Vertical Chooser”, users can select the organization from a combo box or vertical chooser. The combo box has a limit of 1000 organizations, while the vertical chooser supports up to 20 organizations.

ISL Conference Proxy Web Portal > Login > Sign in to organization > Find Your Organization (example with “Name Input Field”)

Once a user selects an organization, it is used in all subsequent logins unless canceled. For users with a configured subdomain and default domain as an organization, organization login is automatically used when initiating login using the subdomain DNS name.

Additionally, users utilizing per-domain SAML or organization login can change their email without a password check, unless email changes are blocked in SAML login rules.

SSO/SAML username remapping

A per-user setting was added to system administration:

• SSO domain username remap: SSO login (SAML) will try to match “username” key with this setting within the same “domain” and if it matches, “username” will be set to the matching account (duplicate match will abort the login)

A new rule was added to setting SAML login settings rules in system administration, which is useful for remapping username to a sanitized value, for example, replace all special characters with – and @ with _AT_:

["rename-key", "KEY", "REGEX_FROM", "REGEX_TO", "REGEX2_FROM", "REGEX2_TO", ...]

• Multiple regexes stop on first successful match.
• Regex supports “(?g)” pattern to indicate global (all) match.
• \\1 for match group replacement in TO

The following example shows how to map the user “tim.thomas@example.com” to user “\\testDomain\tim-thomas”: In the Server Administration, in the domain settings of “testDomain”, add the following to “SAML login settings rules”:

["rename-key", "username", "(?g)[^a-zA-Z0-9@\\-]", "-"],
["rename-key", "username", "(?g)@", "_AT_"]

Server Administration > User Management > Domain > Sercurity (ctrl + f “SAML login settings rules”)

In the Server Administration, in the user settings of “\\testDomain\tim-thomas”, set “SSO domain username remap” to:

"tim-thomas_AT_example-com"

Server Administration > User Management > User > Security (ctrl + f “SSO domain”)

And now the result, tim.thomas@example.com is sanitized to tim-thomas _AT_example-com and then remapped to tim-thomas as shown on the image below.

ISL Conference Proxy Web Portal > Sessions > Example SSO/SAML username remapping

Custom Deployment Link

A new option, “Custom Deployment Link,” has been introduced to the “Computers pages” dropdown in “Set Unattended Access.” This feature provides a dedicated page with various options to assist in deploying the ISL AlwaysOn agent to remote computers.

Users can customize settings such as Computer Name/Alias, Computer Group, Tags, Access Password, and choose options for Silent Install and upgrading ISL AlwaysOn. The generated deployment link can be copied, or ISL AlwaysOn with the specified options can be downloaded.

ISL Conference Proxy Web Portal > Computers > Custom Deployment Link

Additionally, a new permission has been added to ISL AlwaysOn settings: “Allow access to Custom Deployment Link page.” By default, this setting is enabled, allowing users to access and utilize the Custom Deployment Link page.

ISL Conference Proxy Server Administration > Configuration > ISL AlwaysOn

Support for authorize remote access connections via email

ISL Conferenece Proxy (ISL AlwaysOn module) now includes support for authorization via email for remote access connections. When the ISL AlwaysOn remote agent is configured with email settings, it sends an email notification about incoming connections to specified addresses. This notification is triggered when a user attempts to connect to the remote computer, after the access password is verified but before obtaining remote user consent (if required).

ISL Conference Proxy > Request to Start Session

The connection request email provides basic information about the connecting user and the target computer. Recipients can conveniently review the request via the provided link and decide whether to allow or deny the connection. If allowed, the connection procedure proceeds as usual. In the case of denial or failure to allow within the specified time (default is 180 seconds), the connection is promptly closed.

The expiration time for authorized access emails is configurable on the remote computer through a new setting in ISL AlwaysOn. If a connection request email is sent to multiple addresses, only the first recipient to respond (allow or deny) has the authority to make a decision. Once a decision is made, the connection request becomes inaccessible for further review.

Furthermore, new setting “Mail template for authorize incoming connection” was added to ISL AlwaysOn settings in Server Administration, which can be used to set the custom email template.

Email example to request to start session

Setting “Collapse multiple repeated log lines”

A new setting, “Collapse multiple repeated log lines,” has been added to the server administration “Logs” section. This setting instructs the log writer to collapse multiple instances of repeated log lines as “- N -“, where N represents the number of repetitions. The default is set to “Yes,” preserving the previous behavior.

Additionally, a development flag, “no_collapse_log” (Force no collapse log lines), has been introduced. This flag overrides the server administration setting.

ISL Conference Proxy Server Administration > Configuration > Logs

Sign .extra file with CRC32

In the latest update, the program’s “.extra” file is now signed using CRC32 and is validated during extraction and parsing processes.

AKV Activity Logs Updates

In previous versions activity log was only possible by setting “Record activity log” setting in /conf -> Logs. Additionally, support for logs in AKV format was now added, which can be enabled by setting [Core] Activity log (core_activity_log) logging subsystem to Info.

Settings behavior:

• Record activity log: Controls CSV activity log only.
• Control activity logging scopes for both CSV and AKV logs:
  – Enable system activity log.
  – Enable admin activity log.
  – Enable user activity log.

Upgrade to Go 1.20.12

The Go version has been upgraded to 1.20.12.

Update to LibXML 2.11.6 and LibXSLT 1.1.39

LibXML has been updated to version 2.11.6, and LibXSLT has been updated to 1.1.39.

Upgrade to OpenSSL 3.0 LTS

The OpenSSL library has been upgraded to version 3.0.12.

Bug Fixes

Improved User List Loading in Share Dialog

In the previous version, the share computer/group modal sometimes failed to display all users due to a calculation error in determining the bottom of the scroll view. This issue has been resolved by redesigning the calculation, ensuring accurate computation of the bottom, and enabling the loading of additional users in the dialog when needed. The defect has been fixed.

Port ICP’s CPP HTTP Proxy Setting Parser to Go

In previous versions, parsing the value of the “HTTP proxy for web client” setting would fail if the value was not a valid URL. This issue has been addressed by porting ICP’s custom parser to Go. As a result, the problem should no longer occur. The defect has been fixed.

SSL Module: Increase z-index of Tooltips

In the previous version, tooltips in the SSL module’s “Install Certificate” modal were displayed behind the modal, causing visibility issues. This has been resolved by increasing the z-index of the tooltips, ensuring they are displayed correctly. The defect has been fixed.

Add Missing Permission Translation for Administration Page

In previous versions, the error message for missing Domain Admin permission (“To access Administration, you must have “Domain Admin” permission enabled. Please contact your administrator for assistance.”) was not translated. This issue has been addressed by redesigning the implementation, and the string should now be accurately recorded and translated. The defect has been fixed.

Other fixes & improvements

Security updates, bug fixes and other improvements. These changes are aimed at improving the stability, security, and performance.