PingFederate 10.3.3 - October 2021 - PingFederate - 10.3

PingFederate Server

bundle: pingfederate-103
ft:publication_title: PingFederate Server
Product_Version_ce: PingFederate 10.3
category: Product; pf-103; pingfederate
ContentType_ce

PingFederate 10.3.3 is a cumulative maintenance release for PingFederate 10.3. For a summary of the features introduced in the 10.3 release, see PingFederate 10.3 - June 2021.

Resolved issues

Ticket ID	Description
PF-29401	PingFederate now allows the wildcard character " `\ *`" in the Subject DN for OAuth client certificate authentication.
PF-29595	When PingFederate fails to create an XML object from a payload, it no longer mistakenly adds the following system error to server.log: `ERROR [SystemErr] [Fatal Error] :1:1: Content is not allowed in prolog.`
PF-29662	Upgrading PingFederate to version 10.3 no longer causes outbound provisioning with a PingID connector to fail.
PF-29679	Fixed an issue where changes in cluster membership could cause missed notifications for certificate expiry.
PF-29722	PingFederate can now decrypt encrypted request objects that OAuth clients send to its Authorization and PAR endpoints. Also, administrators can configure PingFederate to accept only request objects that are encrypted by enabling the `front-channel-encryption-required` setting in jwt-request-object-options.xml.
PF-29759	Now the Kerberos adapter removes escape characters in principal names as defined in RFC 1964 2.1.1.
PF-29817	When the response-header-admin-configuration.xml file is customized, the configured headers are now returned in administrative console HTTP responses.
PF-29819	The `${BASE_URL}` variable works correctly now in email templates.
PF-29924	Resolved a potential security vulnerability involving authentication policies.
PF-29938	Resolved an issue that stopped PingFederate from completing a device authorization flow when using IdP connection OAuth attribute mapping.