Major information & changes for RCDevs customers
1. Preliminary information
This document references major changes and issues on the RCDevs side that can impact customers' infrastructure.
We advise our enterprise customers and freeware users to check this documentation regularly for the latest news regarding the RCDevs world before contacting the RCDevs support team. You can subscribe to the following mailing list to stay up to date regarding this article. Information in this document is sorted by product, date and version.
2. WebADM Server
3. OpenOTP Server
4. OpenOTP Token
(Status updated on 14th of July: fixed but not released on stores)
A major issue was discovered during the last public rollout of the OpenOTP Token application. It has impacted a lot of devices and can make the application and the registered tokens unusable. The issue was never encountered in our testing processes and could not be anticipated by RCDevs until the official rollout. It comes from the keychain migration: a wrong key was used to map the keychain token key entry to the registered application/token, which makes the registered tokens unreadable because OpenOTP Token tries to decrypt them with the wrong key. The issue has been fixed and a new release will be published as soon as possible. If end users are stuck after the update, they have to uninstall the OpenOTP application and re-install it from the Google/Apple stores. In that scenario, a new token needs to be registered. For users who experienced the issue but did not uninstall the application and did not register a new token, the next release will restore tokens and application access.
Version 1.4.11 (still available on App Store)
The automatic rollout has been temporarily stopped but cannot be definitively aborted on the App Store.
Version 1.4.10 (Not available anymore on Google Store)
The rollout was stopped as soon as we detected the issue. This release has been removed from the Google Store. The last version available is 1.4.9.
5. Push login
The information contained in mobile push responses has been modified to add an extra parameter (action). Customers who use a custom reverse proxy (a reverse proxy other than WAProxy) to forward mobile push responses to the OpenOTP server, and who perform packet inspection on push responses, need to adjust the packet inspection policy to allow this new parameter in order to keep push logins working. If the new parameter is not added to your packet inspection policy, packet inspection will flag the push response as an invalid request, push responses will be dropped, and users will not be able to log in using push notifications.
1.1.5-0 to 1.1.6-0 issue
(Status on 14th of July: fixed and released)
We discovered a balancing issue in WAProxy versions 1.1.5-x to 1.1.6-0 which impacts mobile push responses. WAProxy can handle 2 WebADM backends to publish Web Applications and to forward mobile push responses. The secondary backend defined in /opt/waproxy/conf/waproxy.conf is never used to forward mobile push responses to OpenOTP when WebADM server URL 1 is not reachable. This issue does not impact Web Application access. We advise customers who use WAProxy to forward mobile push responses to update WAProxy to the latest version.
This issue has been fixed since version 1.1.7-0.
7. External Services (Push, License) - Cloud Services
To continue to offer you the best possible service, maintenance is planned on the RCDevs side. We are going to upgrade our DNS and the Push and License infrastructure currently in use with all WebADM 1.x versions.
NOT Impacted customers
- Customers running WebADM v2 are not impacted by this upgrade and should ignore this message.
- Customers using DNS names (the normal situation) for RCDevs services should ignore this message.
Save the date
The change will occur on January 15th, 2021.
Please read all information described below!
Due to the end of support of the current infrastructure, we cannot upgrade the current servers and have to rebuild new instances. Unfortunately, that means the public IP addresses of these servers will change. This change prevents access to these services based on the existing IP addresses.
Have a look at the push and license sections of your WebADM config files:
[root@webadm1 ~]# vi /otp/webadm/conf/servers.xml
The default configuration on WebADM servers should be the following:
<PushServer name="Push Server" host="push.rcdevs.com" port="7000" user="" password="" ca_file="" />
<LicenseServer name="License Server" host="license.rcdevs.com" port="7001" ca_file="" />
On your firewalls, check whether you are filtering on these IPs to allow WebADM to access the push and license services.
As a reminder, the IPs currently in use are the following:
- 220.127.116.11 => LoadBalancer IP (available until January 15th, 2021; not available after that)
- 18.104.22.168 => Push/License servers IP (available until January 15th, 2021; not available after that)
- 22.214.171.124 => Push/License servers IP (available until January 15th, 2021; not available after that)
Infrastructure incidents or the decommissioning of servers imply an IP rotation on our DNS.
That’s why we always advise using DNS names for communication with external services instead of the IP addresses of our backends.
Customers using IP addresses
Please do not use IP addresses unless you are ready to change them regularly.
Reminder for existing DNS names
- push.rcdevs.com port 7000 or 443
- license.rcdevs.com port 7001
- cloud.rcdevs.com port 443, 7000 or 7001
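A check for the configuration review described above, as an added example that is not RCDevs code: it parses a servers.xml fragment and flags PushServer/LicenseServer entries whose host is an IP literal, or whose host or port is not in the DNS reminder list. The `<Servers>` wrapper element, the function names and the 192.0.2.10 address in the sample are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# DNS names and ports from the reminder list on this page.
DNS_PORTS = {
    "push.rcdevs.com": {"7000", "443"},
    "license.rcdevs.com": {"7001"},
    "cloud.rcdevs.com": {"443", "7000", "7001"},
}

# Constructed sample: the <Servers> wrapper and 192.0.2.10 are assumptions.
SAMPLE = """<Servers>
  <PushServer name="Push Server" host="192.0.2.10" port="7000" user="" password="" ca_file="" />
  <LicenseServer name="License Server" host="license.rcdevs.com" port="7001" ca_file="" />
</Servers>"""


def is_ip_literal(host):
    """True if host parses as an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_servers_xml(xml_text):
    """Return (tag, host, port, finding) for each push/license entry."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag not in ("PushServer", "LicenseServer"):
            continue
        host = elem.get("host", "").strip().lower()
        port = elem.get("port", "").strip()
        if is_ip_literal(host):
            finding = "ip-literal"  # stops working when the backend IPs rotate
        elif host not in DNS_PORTS:
            finding = "unknown-host"
        elif port not in DNS_PORTS[host]:
            finding = "unexpected-port"
        else:
            finding = "ok"
        findings.append((elem.tag, host, port, finding))
    return findings


if __name__ == "__main__":
    for row in audit_servers_xml(SAMPLE):
        print(row)
```

Any `ip-literal` row also points at a firewall rule that is likely pinned to the same address and needs the same review.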
We still advise all customers to think about planning a migration to WebADM v2.