PingAccess

PingAccess 7.3.1 (September 2023)

Configure Microsoft Azure AD as a common token provider when protecting an API application

New PA-15369

PingAccess has made common token provider configuration more flexible:

  • When you’re configuring the OAuth authorization server for a common token provider, the Introspection Endpoint field is now required only if you configure a remote access token validator on your PingAccess application.

  • When you’re configuring an application, before you can select a remote access token validator from the Access Validation list, you must configure an Introspection Endpoint on the OAuth Authorization Server tab.

This increased flexibility enables you to configure Azure AD as the common token provider for protected API applications.

Because Azure AD doesn’t have an introspection endpoint and doesn’t include a client ID value in tokens that they create, you must use a key from the JWKS endpoint to validate tokens locally when you’re protecting an API application. For more information, see Configuring Azure AD as the common token provider when PingAccess is protecting an API application.

Fixed UI rendering issue when optional field is missing from plugin

Fixed PA-15273

Fixed an issue that caused the PingAccess administrative console UI to fail to render if a newly added configuration field was missing from the plugin data that was saved previously.

For more information, see create your own plugins.

Fixed SniHandlerConfigBuilder parameter keystore type declaration

Fixed PA-15270

Fixed an issue that caused the SniHandlerConfigBuilder to fail to declare a specific keystore type for the PingAccess SslContext server, which could result in PingAccess taking longer to start up if the target JVM’s default keystore type was PKCS#12.

The SniHandlerConfigBuilder now specifically declares JKS as the keystore type to prevent unexpected performance losses.

Fixed UI rendering breakage when using Groovy script fields in composite plugin fields

Fixed PA-15381

Fixed an issue that caused the PingAccess administrative console UI to display a blank page if you attempted to configure a Groovy script field within a plugin entity in a composite field.

For more information, see create your own plugins.

Fixed form data registration of list fields in composite plugin fields

Fixed PA-15382

Fixed an issue that caused list fields embedded in composite plugin fields to register improperly in the form data for the PingAccess administrative console UI.

For more information, see create your own plugins.

Fixed log category preferences not sticking on restart

Fixed PA-15390

Fixed an issue that caused PingAccess to reset an environment’s configured log setting categories on startup.

Fixed early expiration of cached PingOne Protect risk evaluation results

Fixed PA-15396

Fixed an issue with the PingOne Protect integration that caused PingAccess to calculate expiration values for cached risk evaluation results in milliseconds instead of seconds. This unexpected input value was disabling token caching after making a risk evaluation because PingAccess was receiving a false positive result that the risk evaluation cache data had expired.

Fixed an issue caused by sending an API request with an invalid or blank risk policy

Fixed PA-15399

Fixed an issue that caused sending an API request with an invalid or blank risk policy to result in a NullPointerException error.

Fixed Azure AD access token validation issue

Fixed PA-15496

Azure AD creates a Application (Client) ID value that exceeds 36 characters and automatically assigns that value as the Audience value in the access token. This prevented PingAccess from validating Azure AD access tokens because PingAccess previously accepted a maximum of 32 characters for an Audience value.

PingAccess can now accept a longer Audience value.