---
title: Agentless Integration Kit Changelog
description: The following is the change history for the Agentless Integration Kit.
component: agentless
page_id: agentless:release_notes:pf_agentless_ik_changelog
canonical_url: https://docs.pingidentity.com/integrations/agentless/release_notes/pf_agentless_ik_changelog.html
revdate: February 23, 2026
section_ids:
  version-2-3-1: Version 2.3.1
  version-2-3: Version 2.3
  version-2-2-1: Version 2.2.1
  version-2-2: Version 2.2
  version-2-1: Version 2.1
  version-2-0-4: Version 2.0.4
  version-2-0-3: Version 2.0.3
  version-2-0-2: Version 2.0.2
  version-2-0-1: Version 2.0.1
  version-2-0: Version 2.0
  version-1-5-4: Version 1.5.4
  version-1-5-3: Version 1.5.3
  version-1-5-2: Version 1.5.2
  version-1-5-1: Version 1.5.1
  version-1-5: Version 1.5
  version-1-4-1: Version 1.4.1
  version-1-4: Version 1.4
  version-1-3-3: Version 1.3.3
  version-1-3-2: Version 1.3.2
  version-1-3-1: Version 1.3.1
  version-1-3: Version 1.3
  version-1-2-1: Version 1.2.1
  version-1-2: Version 1.2
  version-1-1: Version 1.1
  version-1-0: Version 1.0
---

# Agentless Integration Kit Changelog

The following is the change history for the Agentless Integration Kit.

## Version 2.3.1

Released in February 2026.

* Fixed an issue that could have caused `500` errors if both:

  * The **Preserve JSON** checkbox was selected in the [Reference ID IdP adapter configuration](../custom_application_setup/pf_agentless_ik_reference_id_idp_adapter_settings_reference.html).

  * A tracked HTTP parameter or chained attribute included a JSON array.

## Version 2.3

Released in November 2025.

* Added stricter enforcement for wildcard matching in the **Allowed Subject DN** and **Allowed Issuer DN** fields.

  Learn more in [Reference ID IdP Adapter settings reference](../custom_application_setup/pf_agentless_ik_reference_id_idp_adapter_settings_reference.html) and [Reference ID SP Adapter settings reference](../custom_application_setup/pf_agentless_ik_reference_id_sp_adapter_settings_reference.html).

* Updated the code to fix improper encoding and prevent information leaks in HTTP responses.

## Version 2.2.1

Released in May 2025.

* Fixed an issue that prevented the adapter configuration from supporting exclusive and dynamic scopes in Bearer access token authentication flow.

* Fixed an issue where certificate details were not correctly logged during certificate authentication failures.

* Updated the adapter to ensure proper validation behavior when only Bearer token authentication is configured.

## Version 2.2

Released in April 2025.

* Fixed an issue that caused null attributes to be excluded from the response of the pickup API endpoint and added the **Include Null Attributes** checkbox to the adapter configuration. Learn more in [Overview of the service provider SSO flow](../pf_agentless_ik_overview_of_the_service_provider_sso_flow.html), [Overview of the identity provider SSO flow](../overview_of_the_identity_provider_integration/pf_agentless_ik_overview_of_the_identity_provider_sso_flow.html), [Reference ID IdP Adapter settings reference](../custom_application_setup/pf_agentless_ik_reference_id_idp_adapter_settings_reference.html), and [Reference ID SP Adapter settings reference](../custom_application_setup/pf_agentless_ik_reference_id_sp_adapter_settings_reference.html).

* Added the ability to preserve the JSON format of chained attribute and tracked HTTP parameter values. Learn more in [Reference ID IdP Adapter settings reference](../custom_application_setup/pf_agentless_ik_reference_id_idp_adapter_settings_reference.html).

## Version 2.1

Released in March 2025.

* Added the ability to use Bearer token authentication as an authentication method.

  Learn more in [Authentication methods](../custom_application_setup/pf_agentless_ik_authentication_methods.html) and refer to the **Access Token Manager** - **Required Bearer Access Token Scopes** fields in [Reference ID IdP Adapter settings reference](../custom_application_setup/pf_agentless_ik_reference_id_idp_adapter_settings_reference.html) and [Reference ID SP Adapter settings reference](../custom_application_setup/pf_agentless_ik_reference_id_sp_adapter_settings_reference.html).

## Version 2.0.4

Released in November 2021.

* Fixed an issue that caused the adapter to incorrectly handle integers in JSON payloads.

* Fixed an issue that caused the adapter to incorrectly handle multi-value attributes in PingFederate 10 and later.

* Verified that the Reference ID IdP Adapter is compliant with US Federal Information Processing Standards (FIPS). Learn more in [Integrating Bouncy Castle FIPS providers](https://docs.pingidentity.com/pingfederate/latest/getting_started_with_pingfederate/pf_set_up_java8_java11.html) in the PingFederate documentation.

## Version 2.0.3

Released in June 2021.

* Fixed an issue with client certificate authentication handling. Learn more in security bulletin [SECADV025](https://support.pingidentity.com/s/article/SECADV025-Agentless-Integration-Kit-Client-Certificate-Authentication-Mishandling) (requires sign-on).

## Version 2.0.2

Released in May 2021.

* Improved the description for the **Relax Pass Phrase Requirements** setting.

* Fixed an issue that caused the adapter to format multi-value attributes incorrectly.

* Fixed an issue that could cause a validation error in the **Logout Service Endpoint** field when upgrading the adapter.

## Version 2.0.1

Released in September 2020.

* Fixed an issue that prevented an error from triggering when the wrong REF ID was provided.

## Version 2.0

Released in August 2020.

* Added the **Send Request Parameters** setting to control the information sent in query parameter mode.

* Added validation to the **Pass Phrase** field to enforce strong passwords.

* Added support for the [JavaScript Widget for the PingFederate Authentication API](https://github.com/pingidentity/pf-authn-js-widget).

* Added support for the [PingFederate authentication API](https://docs.pingidentity.com/pingfederate/latest/developers_reference_guide/pf_authentication_api.html).

* Improved support for applications that do not maintain sessions. In the adapter configuration, the **Logout Mode** setting includes a **None** option.

* Improved debug log entries to show the adapter instance ID more clearly.

* Improved info log entries to show invalid reference ID errors.

* Created new Java, .NET Core, PHP, and Python sample applications and example code. Learn more in the [Ping Identity GitHub repository](https://github.com/pingidentity?q=agentless).

## Version 1.5.4

Released in March 2020.

* Added support for header names with dashes at the attribute pick up and dropoff endpoints.

* Fixed an issue that could cause a PingFederate engine node to stop responding on configuration reload.

* Fixed an issue that caused multi-valued attributes to be treated as a single string.

* Fixed an issue that caused the drop-off endpoint to return HTML when an error occurred.

## Version 1.5.3

Released in January 2020.

* Fixed an issue that prevented the adapter from correctly linking federated users to application users.

* Removed `date` from the adapter response.

* Improved error messages.

* Improved default values for some adapter configuration fields.

## Version 1.5.2

Released in July 2019.

* Improved the query parameter transport mode. It now passes query parameters to the authentication endpoint.

## Version 1.5.1

Released in February 2019.

* Included all-new sample applications in the distribution file. You can find the latest source code in [PingFederate Agentless Integration Kit Sample](https://github.com/pingidentity/pf-agentless-ik-sample) on the Ping Identity GitHub page.

* Fixed a bug that caused an invalid content-type header value in some API responses.

## Version 1.5

Released in December 2018.

* Added the ability to direct authorization consent requests to an external application. Learn more in [External consent approval](../custom_application_setup/pf_agentless_ik_external_consent_approval.html).

* Added support for virtual host names in the Reference ID Adapter. Learn more in the [Configuring virtual host names](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_managevirtualhostnamestasklet_virtualhostnamesstate.html) section of the PingFederate documentation.

* Fixed a cross-site scripting (XSS) issue. Learn more in security bulletin [SECBL013](https://support.pingidentity.com/s/article/SECBL013-Agentless-Integration-Kit-Cross-Site-Scripting-XSS-Vulnerability) (requires sign-on).

## Version 1.4.1

Released in November 2018.

* Improved the way Reference ID Adapter instance configurations are applied. Configuration changes now take effect without the need to restart PingFederate.

## Version 1.4

Released in September 2018.

* Reference ID IdP Adapter

  * Added the capability to prefix attribute keys with source information.

  * Added support for tracked parameters, a feature in the upcoming release ofPingFederate Server 9.2.

  * Added the ability to ignore untracked HTTP parameters.

  * Added support for JSON object based claims inside signed JWT request object.

* Reference ID IdP and SP Adapter

  * Improved logging for back-channel authentication failures.

  * Improved support for authentication method based on configured values.

## Version 1.3.3

Released in August 2018.

* Fixed issue with HTTP request parameters overriding signed JWT request parameter values.

* Target resource validation and error resource validation are now enabled in the sample configuration archive.

## Version 1.3.2

Released in April 2018.

* Fixed issue processing JSON-based request object claims.

* Fixed incorrect Content-Type header in Reference ID Adapter endpoint responses.

* Fixed data encoding issue with Form POST-based front-channel communication.

## Version 1.3.1

Released in September 2017.

* Fixed issue with exposing attributes to the IdP authentication endpoint.

## Version 1.3

Released in August 2017.

* Compatibility updates for JDK 8.

* Added support for exposing attributes to the IdP authentication endpoint.

* Added support for multi-value attributes.

## Version 1.2.1

Released in January 2016.

* Updated sample application data archive

## Version 1.2

Released in September 2012.

* Added two Transport Mode options (Query Parameter or Form Post) for Front Channel Communication for both the IdP and SP Reference ID Adapter.

* Added an authentication endpoint for the SP Adapter, which enables end-user redirection for authentication.

* Added Sample IdP/SP applications to the distribution. Sample applications provide a way to test an end-to-end identity provider (IdP) and service provider (SP) integration with PingFederate using the Agentless Integration Kit.

* Added the Certificate DN Compare Fix in the Agentless Integration Kit.

## Version 1.1

Released in November 2011.

* Support for multiple client certificates in a single Reference ID Adapter instance for client-certificate authentication.

* Allowed Subject DN and Allowed Issuer DN can be configured independently of each other.

* Basic authentication is no longer required when using client-certificate authentication.

* HTTP Header `ping.instanceId` is optional when a single Reference ID Adapter instance is configured.

* (Bug Fix) Unfound reference attribute association no longer returns a `Null Pointer Exception` error.

* Fixed an account linking issue with the Reference ID Adapter.

## Version 1.0

Released in October 2010.

* Initial Release.