PingAccess 7.1 (June 2022)
Automatic Engine Registration
New PA-14730
A new capability lets you configure and download an engine node registration file from the PingAccess UI. You can put this file on an engine node when it is first started to automatically register the engine node. For more information, see Configuring engine nodes using an auto-registration file.
Added capability for forced reauthorization
New PA-14737
Authentication requirements rules now include an option for maximum age. If the user has not authenticated within the specified timeframe, they are prompted to reauthenticate. For more information, see Adding an authentication requirements rule.
Kong API Gateway Integration
New PA-14418
Ping Identity provides a plugin for Kong Gateway that enables PingAccess (and other Ping Identity products) to be used for policy decisions. For more information, see Kong API Gateway Integration.
IWA Integration
New PA-14588
PingAccess, when protecting applications as a gateway, adds support for protecting applications that rely on Integrated Windows Authentication (IWA). This gives IAM teams consistent, centralized access control and visibility for IWA-based applications, similar to their WAM-based applications (PingAccess does not mediate authentication methods for IWA-based applications. Authentication is negotiated between the browser and the IWA-based application, passing through PingAccess). For more information, see IWA Integration.
Added SPA Support Disabled Authentication Challenge Policy
New PA-14567
A new SPA Support Disabled Authentication Challenge Policy (ACP) has been added that behaves the same as previously seen when Applications were set with SPA Support disabled. Additionally, added an ability to define a default ACP to be set when creating new applications in the PingAccess administrative UI. For more information, see changes to Application field descriptions and System defaults, and Configuring authentication challenge policies.
Added Content-Security-Policy
headers
New PA-14597
The PingAccess Runtime Authentication Challenge Policy behavior is modified to incorporate a default CSP header in the response. Additionally, default content-security-policy
headers have been added for various error responses generated by PingAccess. For more information, see changes to Configuration file reference.
Added support for PingFederate administrative APIs using OAuth authentication
New PA-14562
PingAccess can authenticate to PingFederate administrative APIs using OAuth2 by sending a bearer token in the requests PingAccess makes to the PingFederate administrative API. For more information, see Configuring PingFederate administration.
Fixed certificate ID issue
Fixed PA-14775
Fixed an issue that restricted the available certificate IDs for agents, engines, and replica administrative nodes.
Fixed authentication requirements issue
Fixed PA-14771
Fixed an issue that prevented an authentication requirements list from correctly displaying the related authentication requirements rule after an attempt to edit it.
Fixed non-FIPS HSM key pair issue
Fixed PA-14414
Fixed an issue where PingAccess could not use non-FIPS HSM key pairs at runtime.
Fixed DB password issue
Fixed PA-14570
Resolved an issue by disabling the DB password check in Derby.
Fixed nonce cookie persistence issue
Fixed PA-12652
Fixed an issue where nonce cookies were not removed when SLO is not enabled.
Fixed API swagger issue
Fixed PA-14634
Fixed an issue with API swagger where the GET Response Class Models and Operational Models did not reflect the actual response.
Fixed custom load balancing issue
Fixed PA-14645
Fixed an issue where custom load balancing strategies that returned custom TargetHosts would result in runtime exceptions.