New features

Ticket ID Description
PASS-2429 During the PingCentral upgrade process, the upgrade utility merges the new version of the application.properties file with the older version, preserving property values previously customized.
PASS-2827 You can upgrade to PingCentral version 1.4.0 directly from either version 1.2.0 or 1.3.0. Files that were not modified since they were initially installed are overwritten with new versions during the upgrade process. Note the following:
  • If the application.properties file was modified, the new version of the file will be merged with the latest version, preserving customizations.
  • If the conf/log4j2.xml, bin/run.sh, and bin.run.bat files were modified, the new versions are installed and the old versions are renamed. Manually update the new files with customizations, as necessary.
PASS-3189 Administrators can add existing PingAccess applications to PingCentral. For more information, see Adding PingAccess applications.
PASS-3191 Application owners can promote PingAccess applications to other PingAccess environment tiers and apply environment configuration dependencies, such as web sessions, identity mapping, virtual hosts, sites, and agents.
PASS-3563 Administrators can add PingAccess environment instances to PingCentral. For more information, see Environment Management.

Resolved issues

Ticket ID Description
PASS-2119 Protected environment text on the Environments page no longer incorrectly refers to "production" if the protected environment is not a production environment.
PASS-3556 The Restore button is now hidden for applications promoted in version 1.2.0.
PASS-3586 Previously, if the combination of an application's Redirect URIs exceeded 255 characters, users could not add the application to PingCentral. This character limitation was removed for this release, which resolved the issue.
PASS-3644 If a PingFederate environment is added to PingCentral and becomes unavailable for any reason, the Applications page is no longer empty.
PASS-3646 Scope names cannot contain spaces, so users are now prevented from adding scopes with spaces in the name to their applications.
PASS-3648 When updating SAML applications, users can provide a new metadata file to replace an older version. If the new file contains a certificate, the correct certificate now displays.
PASS-3659 When promoting SAML applications with multiple authentication policy contracts that were directly imported into PingCentral, the first contract on the list is used, as intended, and promotion failures no longer occur.
PASS-3663 When creating templates or adding existing OAuth or OIDC applications to PingCentral and scopes are not restricted, the Scopes field correctly displays the following message: This application uses all common scopes provided by the target environment.
PASS-3714 When searching for a scope that does not exist, the Add button no longer incorrectly displays.
PASS-3809 Users can no longer add a partial scope name to theScopes field.
PASS-3825 When searching for or adding scopes, users will now receive an appropriate error message when they enter invalid characters.

Known issues

Ticket ID Description
PASS-1552 When updating a user's role, the Discard Changes button does not currently work.
PASS-1998 When an OAuth/OIDC application is promoted from PingCentral to PingFederate, the secret is captured and saved. If this application is removed from PingCentral and a new application is created with the same name, promotions to PingFederate will use the client secret provided for the original application instead of the new secret that was provided in the new application. There is currently no way to retrieve the secret that was provided for the original promotion.
PASS-2090 If SSO is configured for PingCentral and PingFederate is unavailable, PingCentral will fail to start. If this occurs, determine why PingFederate is unavailable, resolve the issue, and restart PingCentral.
PASS-2122 When modifying an environment, if an identity provider certificate is added or updated, and then the PingFederate admin password is updated, the cursor will jump down to the IDP Certificate Password field each time a key is pressed.
PASS-2528 Users who attempt to create a SAML application without a signing key pair might receive a server error.
PASS-2819 If an OAuth application is added from an environment that does not use a client secret to authenticate, the Client Secret field displays, but is ignored. This display could cause confusion, as users can add and generate client secrets for their applications, but the secrets are not saved as expected.
PASS-3259 If an administrator adds a PingFederate environment to PingCentral that is missing a dependency, such as authentication policy or access token management (ATM) information, they will receive the following error message: Environment <pf_environment> Resource not found <missing_dependency>

To resolve this issue, either add the missing dependency to the environment in PingFederate, or remove the environment from PingCentral. Otherwise, PingCentral might become unusable.

PASS-3476 When adding SAML metadata files or URLs to applications in the edit screen, you can inadvertently save applications without any attribute mappings, including the SAML_SUBJECT attribute that is required for promotion. If you attempt to promote those applications, you will receive an error message informing you that the SAML_SUBJECT attribute is missing from the attribute contract fulfillment.

To resolve this issue, access the edit screen for the application, assign the SAML_SUBJECT attribute a value, and attempt to promote the application again.

PASS-3543 If an SP certificate is added to a SAML application and a SAML metadata file is subsequently provided that contains a certificate, additional changes to the application cannot be saved. If this occurs, exit the edit screen and then access it again.
PASS-3586 Previously, if the combination of an application's Redirect URIs exceeded 255 characters, users could not add the application to PingCentral. This character limitation was removed for this release, which resolved the issue.
PASS-3610 If only one environment exists when you create a SAML application, and that environment is deleted, the Applications page will crash. If this occurs, add an environment directly to /pass/main/environments.
PASS-3613 PingCentral promotes access token mappings and APCs (Authentication Policy Contracts) with OIDC applications, but the APC mappings that link the APCs to the access token managers are not currently promoted with them. If the APC mappings do not already exist in the target PF environments, applications will not function as expected.

When new APCs are promoted in PingCentral, access token mapping referencing the APC is created, but persistent grant mapping is not established so the configurations are invalid.

To resolve these issues, configure the APC mappings within PingFederate.

PASS-3615 The attribute scopes within an OIDC policy must already be defined within the target environment, or the policy cannot be promoted.
PASS-3617 If you promote a SAML application with an assertion encryption certificate and then attempt to edit the application, the Save and Discard Changes buttons display on the edit screen before you make any changes, which could be misleading.

Ignore this irregularity and click the Save button, or click the Discard Changes button to exit the edit screen.

PASS-3618 If applications and environments have long names, you might not be able to see the entire list of available environments when you attempt to promote applications.

To select an environment not immediately visible from the list, continue scrolling. The entire list will eventually display, but environment names toward the bottom of the list might appear distorted.

PASS-3634 When application owners use SSO to access PingCentral, administrators cannot assign applications to them prior to the application owners ever accessing PingCentral.

However, after they sign on to PingCentral, administrators can access their account information and assign applications to them.

PASS-3642 OAuth and OIDC applications created from templates in PingCentral version 1.0.1 used the application name as the Client ID during promotion. Starting with PingCentral version 1.2.0, the application ID is used as the Client ID.

So if an OAuth or OIDC application is created from a PingCentral version 1.0.1 template and promoted, a new client ID will be created for the application and the old client ID will no longer be used.

PASS-3643 If the Promote button is clicked more than once when a SAML application is promoted, the application could be unintentionally promoted to an environment multiple times. To prevent this from happening, press the Enter key during the promotion process.
PASS-3645 When adding and updating SAML applications, users receive error messages if they provide a service provider metadata file that does not contain certificate information. If this occurs, ignore the message and continue to add or update the application.
PASS-3830 If you update SAML attributes while updating other application information, the attribute information will not be saved. To prevent this from happening, update the attributes and save your changes. Then you can update additional application information.
PASS-4174 If owner or promotion configuration information is updated for a PingAccess application, or a PingAccess application is promoted, the modified timestamp does not update as it should, which could be deceiving if the list of applications is sorted by modified date. However, if a PingAccess application name or description is updated, the modified timestamp behaves as expected.
PASS-4249 If you add an application to PingCentral from the Applications page, unmanaged applications might display that you cannot manage.
PASS-4259 When adding PingFederate and PingAccess environments, you might receive an inaccurate messages stating that you successfully connected to PingFederate when you opted to skip the verification. Likewise, you might not receive a message stating that you have successfully connected to PingAccess when you have. To determine the status of the environments, access the Environments page and review the status of the environments to determine which are connected.
PASS-4280 If you filter for PingAccess applications, add a PingAccess application by using the Add to PingCentral button, and return to the Applications page, the filter might appear to be on and you might not be able to view the details for another unmanaged PingAccess application. If this occurs, refresh your browser window.
PASS-4293 Users cannot promote a PingAccess application to an environment where an application with the same name is already present, but has a different destination type (agent or site). The promotion will fail and an error message displays stating that an ID for the existing destination type is required. If this occurs, administrators can manually update the destination within PingAccess to match the application defined in PingCentral.
PASS-4300 If PingCentral is installed as a service, installation files are stored in a local directory, such as /usr/local/pingcentral-1-1.3.0/. When using the command line to upgrade to version 1.4.0, ensure that the existing parameter points to the direct path of the previous installation, and not to the softlink path, which appears first. Selecting the softlink path results in the installation failing even though a success message displays.
PASS-4305 If PingCentral was installed as a Linux service by one user, and the upgrade is performed by another, the service might no longer start. To resolve this issue, run the following command to update the installation files to match the existing ownership:

chown -R [user]:[group] [INSTALL_DIR]

Where the user and group match the existing installation.

For example: chown -R pingcentral:pingcentral /usr/local/pingcentral-1
PASS-4307 If a PingFederate application was created from a template in a PingFederate version higher than the version to which it is being promoted, the promotion will fail. For example, if the template was created from a PingFederate version 10.1 application, and you promote it to a PingFederate 9.2.3 environment, the promotion will fail.