Table of Contents

PingFederate 8.3.1 - January 2017

PingFederate® 8.3.1 is a cumulative maintenance release for PingFederate 8.3, which introduced many new features, such as self-service password reset (SSPR), hardware security module (HSM) hybrid mode, access token and authentication session sync, and improvements in OpenID Connect Relying Party support and OAuth Authorization Server. For more information, see the release notes for PingFederate 8.3.

Resolved issues

Ticket IDDescription
PF-14819New passwords submitted through self-service password reset are now only validated against the password policy of the associated data store, not the PingFederate internal service credentials password policy.
PF-14780The outbound provisioning CLI (provmgr.bat) failed to start in a Microsoft Windows environment.
PF-14778Resolved an issue where the administrative API could not create or update a connection with OGNL expressions.
PF-14771PingFederate can now connect to the JSON Web Key Set endpoint (/pa/oidc/JWKS) on PingAccess.
PF-14631Fixed an issue with the handling of client certificates that were set in HTTP headers by an HTTPS-terminating front end proxy server (SECNT005).
PF-14627Upgraded to jose4j 0.5.3. PingFederate can now issue signed and encrypted JWT-based access tokens in an environment where PingFederate is integrated with a Thales HSM.
PF-14567For any SLO-enabled SAML 2.0 IdP connection with multiple virtual server IDs, PingFederate now sends one logout request to the associated IdP when it receives a logout request at its SLO application endpoint (/sp/
PF-14423Resolved an issue where the OAuth introspection endpoint (/as/introspect.oauth2) could not process validation requests when persistent grants were stored on an LDAP server.
PF-14372PingFederate now includes SLO endpoint information in its SAML metadata.
PF-13996Fixed an issue where PingFederate did not URL-encode the percentage character (if any was used in the Partner's Entity ID field of a connection) when constructing the SSO Application Endpoint URL on the connection summary screen.
PF-13624When using OGNL expressions to define issuance criteria for authentication policy contract mapping, administrators may now reference attributes from an IdP connection using its Partner's Entity ID value; for example:
#idpCxnUsername = #this.get("idp.https://sso.idp.local.SAML_SUBJECT")

In this example, the Partner's Entity ID value of the IdP connection is https://sso.idp.local and the referenced attribute is SAML_SUBJECT.

Tags Hosting Environment > On-Premises; Product > PingFederate > PingFederate 8.3; Product > PingFederate; Task Type > Administration; Task Type > Installation; Task Type > Upgrading

Your Rating: