PingFederate 10.1.1 is a cumulative maintenance release for PingFederate 10.1. For a full summary of the features introduced in the 10.1 release, see PingFederate 10.1 - June 2020.
Resolved issues
| Ticket ID | Description |
|---|---|
| PF-24424 | Added a configurable field called Trim username spaces for search to the LDAP password credential validator. When the field is enabled, leading and trailing spaces are removed from the username in the search filter and in the returned username attribute. When creating new LDAP password credential validators, this field is enabled by default. |
| PF-25388 | When PingFederate is configured with non-native administrative console authentication, the engine nodes in a cluster no longer try to authenticate to the backend service using the mode configured for the console node. |
| PF-25640 | When a user is a member of multiple provisioning groups managed by different channels, removing the user from the group that provisioned them will no longer immediately de-provision the user. Instead, when the provisioning cycle runs, PingFederate re-assigns the user to a different channel. PingFederate might update the user attributes if the new channel has a different attribute mapping. |
| PF-26042 | During a device authorization flow, PingFederate now returns an error when an OAuth
client uses a client_id to get an access token that
does not match the client_id it used to get the
device_code. |
| PF-26089 | The administrative API and OAuth client management service now return only current client lists. |
| PF-26126 | The authentication API redirectless flow now supports self-service password reset with authentication policies. |
| PF-26242 | During a user authentication or password change, if CAPTCHA is enabled and the CAPTCHA response is empty, PingFederate now shows a CAPTCHA error instead of a null pointer exception. |
| PF-26275 | The OAuth access grant management service can now GET and DELETE grants assigned to disabled OAuth clients. |
| PF-26543 | Resolved a PingFederate 10.1 issue that affected the performance of authentication and session creation in clustered environments. |
| PF-26563 | For OAuth and OIDC administrative authentication, PingFederate now validates the
endpoints in the OAuth and OIDC properties files to ensure that they
are HTTPS. However, the OIDC end.session.endpoint
still does not require HTTPS. |
| PF-26598 | Updated jackson-databind to version 2.9.10.5. |
| PF-26599 | The pfbrowserid cookie is now set with the secure
and httponly flags. |
| PF-26624 | PingFederate 10.1 templates now load correctly when you have a CIBA authenticator configured with the PingID SDK adapter 1.6. |
| PF-26641 | After you import a certificate signing response into a certificate, PingFederate now persists the updated certificate. |
| PF-26643 | Improved PingFederate's performance when processing scopes and scope groups during end user requests. |
| PF-26651 | Rescinded the requirement, introduced in PingFederate 10.1, to obfuscate the values of client secrets used for OIDC and OAuth administrative authentication. Instead, now when PingFederate reads a plain text value for an OIDC, OAuth, LDAP, or RADIUS shared secret property, it logs a WARN level message that the value should be obfuscated. |
| PF-26659 | On the administrative console, when you change settings and then click Save, now the console shows a message stating whether PingFederate saved the new settings. Also, resolved some minor UI issues. |
| PF-26678 | Updated the Apache Commons IO library in the PingFederate Upgrade Utility to version 2.5. |
| PF-26796 | The IdP-discovery common domain cookie is now set with the secure and
httponly flags. |
| PF-26797 | Resolved an issue that caused the Show Me Around tutorial to appear each time the user logs in to PingFederate, even if the user had finished the tutorial, or had clicked Dismiss or the X icon on the tutorial's popup. |
| PF-26828 | On the Authorization server settings window, the CORS Allowed Origins setting now supports non-HTTP/HTTPS formatted values (registered schemes). |
| PF-26844 | Resolved an issue introduced in PingFederate 10.1 that prevented it from correctly
storing the user ID of the IdP connection's authentication source in
the pf-connected-identity attribute. |
| PF-26853 | Resolved a potential security vulnerability described in security bulletin SECBL017 on the Ping Identity Support website. |
| PF-26868 | Improved logging surrounding access grant manager JDBC interactions. |