Changelog

Added a new OpenToken agent that uses Jakarta EE 9.

Added new sample applications that use Jakarta EE 9.

Improved security by updating the bundled Apache Log4j2 component in the sample applications.

Added support for reading and writing OpenTokens with the Java native multimap method. For details, see Reading and writing OpenTokens. There is no change to encoding or decoding attributes.

Improved the sample application configuration pages.

Improved the sample data.zip archive by enabling the redirection validation setting in PingFederate by default.

Added a new method for reading tokens as an alternate to the Apache Commons Multimap.

Fixed an issue that could cause cross-site single logout to stop working after upgrading the adapter.

Fixed an issue that caused session cookies to expire at the wrong time.

Added the SameSite Cookie field to support the SameSite cookie flag in web browsers.

Resolved an issue that caused an error in the sample application in PingFederate 9.1 and earlier.

Resolved an issue in the sample application sign on button that could cause an error in an authentication policy tree.

Added support for RFC 6265 compliance to the OpenToken SP adapter when extended attributes are sent as cookies.

Added support to do SLO without external logout service configuration.

Fixed minor bugs in the sample applications.

Modernized the look and feel of the Java sample applications.

Removed the preceding dot requirement in the Cookie Domain setting of the OpenToken Adapter IdP Adapter screen.

Expanded character support for entity id.

Update for compatibility with PingFederate 8.2.

Added an HttpOnly field.

Added support for log4j2.

Added logging to the OpenToken Agent to log the name of the token and its value at the debug level.

Added support to validate the resume path for the IdP sample application, only enabling redirection along a relative path.

Updated Ping Identity logos for the sample applications.

Added support for configuring a context path for the sample applications.

Address a security issue in the previous release.

Added support for OpenToken 2.5.1 Adapter and the OpenToken 2.5.1 Agent.

Fixed several minor defects in the IdP and SP sample applications.

Corrected the spelling of AgentConfiguration.setObfuscatePasword() method name to AgentConfiguration.setObfuscatePassword() and deprecated the misspelled method.

Improved Javadoc documentation for several areas of the API.

Removed extraneous configuration from the IdP and SP sample application data archive (data.zip).

Added support for UTF-8 encoding in the IdP and SP sample applications for attributes.

Rewrote the IdP and SP sample applications to provide reference OpenToken integration for Java web applications.

Added buildable source code for IdP and SP sample applications.

Added token Replay Prevention to the OpenToken IdP Adapter advanced settings.

Added POST transport method for OpenToken when used by an SP.

Added an option to specify session vs. persistent cookie.

Added an option to set the Secure attribute on an OpenToken when a cookie is used.

Added ability to bypass password obfuscation and strength enforcement for backward compatibility with previous Java OpenToken agents.

Improved handling of null parameters for single logout via the back-channel (SOAP).

Empty query string (?) is not automatically appended to the URL when redirecting to the Target Resource.

Target Resource URL is URL-encoded.

Added support for SAML 2.0 isPassive and ForceAuthn.

Enforced UTF-8 encoding within OpenToken.

Extended Force Sun JCE Provider option in the OpenToken Adapter to allow compatibility with SafeNet Luna HSM.

Symmetric key in the OpenToken agent configuration file is encrypted.

Combined the OpenToken Adapter and OpenToken Java library jar files into a single adapter file for easier deployment to PingFederate.

Added AgentConfiguration class to simplify Agent instantiation.

Added Agent Toolkit API Javadoc.

Added option to force the use of the Sun Java Cryptography Extension (JCE) on the agent JDK (when necessary to support the SafeNet Luna SA Hardware Security Module) If this option is not selected, the default JCE provider is used, either SunJCE or IBMJCE.

Modified salt-value generation to correct PFTOKEN creation delay on Linux operating systems

Added support for setting and retrieving multi-value attributes in the SAML assertion

Added Secure Cookie option which ensures the PFTOKEN cookie is sent only on a secure channel

Added Session Lifetime option to specify the duration (in seconds) for which the token may be re-issued without authentication (added for other purposes—has no effect for the Java Integration Kit)

Bundled Java sample application with distribution.

Modified to allow backward compatibility of the Standard Adapter 1.2.1 with PingFederate 4.0.

Added option to encode PFTOKEN for handling special characters.

Added additional constructor to allow PFTOKEN to use default properties for all configuration options except password, holder name, and max age.

Added PFTOKEN time stamp information in the log file.