Rublon Authentication Proxy – Release Notes

Last updated on December 9, 2025

You can view your current Rublon Authentication Proxy version inside readme.txt, or inside your log files if DEBUG option is enabled in your config file.

Version 3.9.0 – December 8, 2025

• Added HTTP(S) proxy configuration in the Rublon Authentication Proxy config file
• Added the timeout option in the directory_sync section that controls the timeout for Directory Sync
• Added support for Append Mode in proxied requests of RADIUS proxy (when using proxy_requests=true)
• Added support for storing config secrets in Windows Credential Manager (for more info, refer to Configuring the Rublon Authentication Proxy Secret Source – Windows Credential Manager)
• Added the challenge_message option to customize RADIUS Reply-Text in Challenge Mode of RADIUS proxy
• Added support for non-DistinguishedName (DN) LDAP Bind requests in LDAP Proxy, so it is now possible to handle requests with plain username formats like “domain\username” and “username@domain.com”

Version 3.8.0 – August 5, 2025

• Added support for managing configuration secrets via environment variables
• Fixed the handling of security_group_dn and custom_filter by the LDAP Proxy
• Fixed Proxy-State attribute passing

Version 3.7.3 – July 10, 2025

• Fixed attributes in the RADIUS dictionary

Version 3.7.2 – July 2, 2025

• Updated the RADIUS dictionary

Version 3.7.1 – June 4, 2025

• Fixed an issue causing long-lived LDAP connections not to close correctly after the authentication source got disconnected

Version 3.7.0 – May 6, 2025

• Added support for backup authentication hosts when using LDAP proxy (you can now list multiple LDAP authentication sources in auth_source for each proxy server in the proxy_servers section)
• Added the possibility to define more than one rublon section on a single Rublon Authentication Proxy instance, enabling you to protect multiple VPNs or services using different configurations
• Changed attribute names in the rublon section to better reflect the names of the values taken from the Rublon Admin Console (for backward compatibility, old attribute names will still work):
  • rublon_api → api_server
  • rublon_token → system_token
  • rublon_secret → secret_key
• Made the access_user_dn option case insensitive

Version 3.6.0 – March 24, 2025

• Added the username_attribute option in the LDAP source settings
• Modified the Directory Sync to synchronize user statuses from Active Directory into the Rublon Admin Console (if a user is “Disabled” in AD, they will get the “Denied” status in the Rublon Admin Console)
• Improved the LDAP tree browsing functionality within LDAP Proxy to ensure seamless operation with third-party applications

Version 3.5.3 – February 4, 2025

• Added the force_message_authenticator option to the configuration file for both proxy_servers and auth_sources sections to secure the RADIUS proxy server against Blast-RADIUS attacks
• Updated the RADIUS dictionary file

Version 3.5.2 – December 9, 2024

• The group_dns option in the directory_sync section is no longer case-sensitive
• Fixed an issue where incorrect encoding of configuration files on Windows led to Directory Sync ignoring groups with certain language-specific characters

Version 3.5.1 – November 19, 2024

• Implemented CA verification for Rublon API certificates to ensure secure connections
• Fixed an issue that caused the Auth Proxy to reject a user’s next authentication if it was performed right after the first one on Amazon Linux
• Optimized performance to handle multiple simultaneous user logins more efficiently

Version 3.5.0 – October 29, 2024

• Added support for the Phone Call authentication method. You can use it both in the configuration and in the Append Mode. Append Mode will accept “phoneCall” and “phonecall” strings
• Fixed a bug that caused Message-Authenticator to be incorrect for some cases during communication between NPS and the RADIUS proxy
• Fixed an issue that caused some of the log messages to disappear on Windows due to inconsistent encoding

Version 3.4.1 – July 17, 2024

• Fixed a bug that caused logs to stop showing up in the log file after rotating the log file

Version 3.4.0 – July 11, 2024

• Added support for the YubiKey OTP authentication method both in AppendMode and in RADIUS server’s nocred mode
• Fixed an issue that caused the proxy to stop working in some very rare scenarios after reconnecting with the Rublon API socket
• Fixed an issue that caused LDAP Proxy to lose the connection when multiple users were connected at once
• Added OpenLDAP support in Directory Sync
• Changed the name of the ad_sync section to directory_sync in the configuration file. Choosing whether to use AD or OpenLDAP sync is now done using the source_type option (by default set to ad)
• Added different attributes’ default values for AD and OpenLDAP source types (e.g., the username attribute is set to sAMAccountName for AD and to uid for OpenLDAP)
• Updated the Windows installer
• Added more strict rules to the Rublon API URL in the configuration
• Added readme.txt to the Windows installation with basic instructions
• Removed config.json file template created in the config directory after installation on Windows, so that you can decide whether to use JSON or YAML (we strongly recommend using YAML). The template file can be found in the config/examples directory

Version 3.3.1 – May 21, 2024

• Added support for Bypass Codes
• Made a few improvements to the Fail Mode feature
• Made the Auth Proxy display better log messages when a field has an invalid type in the configuration file

Version 3.3.0 – May 14, 2024

• AD Sync now runs together with the Rublon Authentication Proxy to synchronize users in the background. Sync hour is chosen at random and it runs in 12h intervals
• Changed the log file name to rublon-authproxy.log so that it is easier to distinguish from the newly-added rublon-adsync.log
• Fixed rublon.service used in Linux to call a proper binary file after its name changed to rublon-authproxy

Version 3.2.0 – May 6, 2024

• Added the AD Sync feature as a part of the Directory Sync
• Changed the file naming to rublon-authproxy for better readability

Version 3.1.1 – April 26, 2024

• Removed the hosts.json file. The list of whitelisted hosts is now added in a new section in the configuration file called hosts_whitelist
• Removed the use_hosts_whitelist flag from the configuration file. Whether to use the whitelist is now determined depending on the list itself. If the list is empty (or not present), all hosts are allowed to log in. If the list is not empty, only hosts specified in the list are allowed to log in
• Made necessary changes to communication between the Rublon Authentication Proxy and Rublon API after API updates
• Improved logs in the Event Viewer for Windows installer
• Code improvements for future features

Version 3.1.0 – March 4, 2024

If you want to update the Rublon Authentication Proxy to this version, read Before you update: 2.x to 3.x.

• Improved LDAP Proxy configuration
  • ca_certs and transport_type will now be taken from LDAP auth_source for LDAP Proxy server
• Fixed SSL-related bugs regarding LDAP Proxy
  • ca_certs are now correctly checked for the proxied server
• Added SMS Link support
  • For append_mode, use password,smslink to choose the method
• Added support for YAML to the configuration file
  • If it exists, config.yaml will be used as a configuration file
  • config.yaml has priority over config.json, so in case both exist, the .yaml file will be used
• Switched configuration fields (for both .json and .yaml) to lowercase for better .yaml readability
• Fixed an issue on Linux that showed the service to be active even though it finished with configuration errors
• Changed the lib dir in Linux installer to bin for consistency with the Windows installer
  • Because of that, you will have to override the rublon.service file when updating the Rublon Authentication Proxy on Linux from version 2.x to 3.x .
• Directory certs within the config folder was changed to ca_certs to better indicate its purpose
• Version is now logged when starting the Rublon Authentication Proxy
• Updated config templates
• Improved error handling

Before you update: 2.x to 3.x

• Note that the LDAP Proxy feature is still in the beta stage, as we need to test it with more applications to make sure it works as expected in various scenarios
  • Some issues might occur when using starttls for LDAP connection. If you encounter any issues, switch to a standard SSL connection
• In Linux, the installer name of the lib dir was changed to bin. Therefore, you need to generate a new rublon.service and override it in the systemd directory. Follow our Linux installation guide for detailed instructions
• Note that the configuration has changed significantly due to adding the LDAP Proxy feature. We recommend you start fresh by using our template configs and simply copy-paste the values from your existing config.json file
  • You can now use the .yaml extension for the configuration file
  • The whole configuration is now lowercase for better readability and less noise
  • Some of the configuration changes include:
    • New sections: log and rublon
    • Changed the name of the PROXY section to proxy_servers
    • Changed the secret field under RADIUS’ auth source to radius_secret to stay consistent with the server’s RADIUS Proxy configuration
    • Auth source and proxy server objects in configuration now have a type field with a possible value of RADIUS or LDAP
  • See the configuration page and our config examples for more details

Version 3.0.2 (Beta) – December 12, 2023

• Now the Rublon Authentication Proxy can work as an LDAP(S) proxy
• Updated the configuration file structure

Version 2.5.1 – April 24, 2023

• Improved Windows installer with better graphics and security
• Fixed an issue that caused authentication logs to be not displayed for the Mobile Passcode authentication method

Version 2.5.0 – January 27, 2023

• Updated underlying software packages
• Rublon_API no longer requires the “https://” prefix
• Bug fixes

Version 2.4.1 – August, 2022 (beta)

• The “nocred” mode no longer requires having at least one character in the password
• “PROXY_REQUESTS” now proxies PAP protocol requests as well
• Removed the “Reply-Message” RADIUS attribute from access responses
• Improved log messages

Version 2.3.1 – December 9, 2021

• Fixed incorrect log message displayed after receiving multiple requests from one user

Version 2.3.0 – December 2, 2021

• Removed the requirement on the authentication source to return the user’s email address. From now on, if the authentication source returns the email address, it will be used only to enroll users. The email address needed to perform 2FA will be now taken from the Rublon Admin Console
• The “nocred” mode does not require the “AUTH_SOURCE” option anymore. Users will be matched by the corresponding usernames in the Rublon Admin Console
• Improved log messages

Version 2.2.3 – August 25, 2021

• Added USE_USERNAME_AS_EMAIL that allows you to use the username as an email address instead of fetching it from the authentication source
• Added Palo Alto attributes to the RADIUS dictionary

Version 2.2.2 – August 19, 2021

• Added EMAIL_ATTRIBUTE that allows you to choose which Active Directory attribute to use as an email attribute

Version 2.2.1 – August 10, 2021

• Added the RADIUS CLASS attribute (RADIUS_CLASS_ATTR) to the configuration

Version 2.2.0 – May 19, 2021

• Added Windows Server support! Tested for the following versions: 2012, 2016 and 2019
• Fixed a bug which caused backup authentication sources to run in wrong order in some cases
• Fixed the “nocred” mode to properly use backup authentication source
• Primary authentication will now not be performed (and logged) after receiving another request when user is undergoing 2FA
• Added empty config.json template file to the release package

Version 2.1.2 – April 22, 2021

• Fixed the service’s status error which had been occurring after the service was stopped on Linux

Version 2.1.1 – April 19, 2021

• Fixed an issue which caused Linux service to not start properly in some cases during server restart
• Security enhancements

Version 2.1.0 – March 30, 2021

• It is now possible to specify backup authentication sources (LDAP, RADIUS) that will be used in case the previous authentication source fails to connect
• Authentication methods (AUTH_METHOD) can be now provided as a comma-separated string value (e.g. “push,email”) instead of a list. Both string and list are valid values
• Changed the default value of AUTH_TIMEOUT to 90 seconds

Version 2.0.1 – March 18, 2021

• Fixed an issue that caused excessive 2FA notifications being sent when timeouts of both integrated system and authentication proxy were the same
• Small security improvements

Version 2.0.0 – February 24, 2021

• Rublon Authentication Proxy can now simultaneously work in multiple modes!
• Multiple applications from Rublon Admin Console can now be assigned to one instance of Rublon Authentication Proxy
• It is now possible to specify multiple authentication sources (AUTH_SOURCE) of the same type (e.g. 2x LDAP)
• Separated RADIUS secrets. It is now possible to specify different secrets for client – proxy communication and proxy – RADIUS server communication
• Rublon Authentication Proxy will now automatically detect if a given username is an email address and perform 2FA using this email address
• Entire configuration structure has changed. Refer to the documentation for more details

Version 1.2.2 – February 1, 2021

• Changed the name of “awingu” mode to “nocred” as this option is also applicable to other integrations. This change has no impact on the current behavior of this option
• Simplified running multiple instances of Rublon Authentication Proxy. Refer to the documentation for more details.

Version 1.2.1 – December 4, 2020

• User’s login request is now automatically rejected after 60 seconds. This value can be changed in the configuration
• Added AUTH_TIMEOUT to the configuration

Version 1.2.0 – September 24, 2020

• All non-PAP (that is: CHAPv1, MSCHAPv2, EAP/MSCAHPv2) requests can now be proxied to the RADIUS server. Rublon 2FA will be performed after detecting a successful authentication.
• Added a possibility to choose the auth method in Awingu mode by simply typing “email” or “push” inside the verification code step input field
• Added DEBUG mode for better logging system
• Logs are now persisted per day. Admin can configure how many log files should remain until they are overridden
• Added CUSTOM_FILTER property to the LDAP configuration section

Version 1.1.2 – August 25, 2020

• Added Radius Challenge handling
• Added Append Mode
• Added Awingu integration
• Added the possibility to setup a backup authentication method (an auth method to be used if the previous one fails). See the configuration documentation
• Updated some of the configuration properties

Related Posts

Rublon Authentication Proxy