Product
Hosting Environment
Operating System
Capability
Task Type
Draft Beta
Close

PingAccess release notes

Updated 94

Add to MyDocs | Hide Show Table of Contents

Table of Contents

PingAccess 5.2 - December 2018

Enhancements

Use PingOne for Customers as the token provider
PingAccess now includes native support for configuring PingOne for Customers as the OpenID Connect provider.

Support for Java 11
This release of PingAccess includes support for Oracle JDK 11 and Open JDK 11 in addition to support for Java 8. As of version 11, Server JRE is no longer available. Note that while other combinations may function as expected, the only tested and supported cluster configurations are those where each node utilizes the same JDK distribution.

Configure the reserved application path
You can now use the PingAccess Admin API to configure the reserved application path (/pa). This feature is useful for customers who need to protect application resources that natively use the default PingAccess reserved application path.

Decrypt encrypted ID tokens
To reduce backchannel communication between PingAccess and the token provider, PingAccess is now able to decrypt ID tokens that have been encrypted by the token provider using a public key that the token provider obtains from PingAccess.

Local validation of JWT OAuth 2.0 Bearer Access Tokens
To reduce backchannel communication between PingAccess and the token provider, PingAccess can locally validate signed (JWS) and/or encrypted (JWE) access tokens for API calls.

Read and use PingFederate metadata
PingAccess reads metadata from PingFederate and uses the information to build authorization, token, and other endpoints.

API to retrieve resource path pattern evaluation order
An API endpoint is now available to retrieve application resource path pattern evaluation order.

Dynamically populate PingFederate token generator IDs
If PingFederate Administration is configured , PingAccess now populates available Token Generator IDs while configuring a Token Mediator Site Authenticator.

Groovy enhancements
Enhancements to Groovy script functionality have been included that allow you to get all values for any header field and to dump headers via Groovy script to aid with debugging.

Resolved issues

Ticket ID Description
N/A Fixed potential security issues.
PA-10325 Fixed an issue where engine requests to sync configuration based on a configurable interval were timing out.
PA-10259 Fixed an issue where PingAccess was not properly encoding ampersand after post preservation.
PA-10335 Fixed an issue where evaluation of nested RuleSetGroups were failing for agent requests.
PA-10463 Fixed an issue where references to AuthnRequirement IDs were not being retained across an upgrade, resulting in an impact to Admin SSO functionality.
PA-10281 Fixed an issue that caused interoperability problems when using a Site Authenticator Token Mediator for a resource specified as being globally unprotected.
PA-10304 Fixed an issue where, in some cases, engine key data was not being migrated successfully for older versions of PingAccess.