---
title: PingAccess 7.3.1 (September 2023)
description: New PA-15369
component: pingaccess
version: 7.3
page_id: pingaccess:release_notes:pa_731_sep
canonical_url: https://docs.pingidentity.com/pingaccess/7.3/release_notes/pa_731_sep.html
llms_txt: https://docs.pingidentity.com/pingaccess/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: September 18, 2023
section_ids:
  configure-microsoft-azure-ad-as-a-common-token-provider-when-protecting-an-api-application: Configure Microsoft Azure AD as a common token provider when protecting an API application
  fixed-ui-rendering-issue-when-optional-field-is-missing-from-plugin: Fixed UI rendering issue when optional field is missing from plugin
  fixed-snihandlerconfigbuilder-parameter-keystore-type-declaration: Fixed SniHandlerConfigBuilder parameter keystore type declaration
  fixed-ui-rendering-breakage-when-using-groovy-script-fields-in-composite-plugin-fields: Fixed UI rendering breakage when using Groovy script fields in composite plugin fields
  fixed-form-data-registration-of-list-fields-in-composite-plugin-fields: Fixed form data registration of list fields in composite plugin fields
  fixed-log-category-preferences-not-sticking-on-restart: Fixed log category preferences not sticking on restart
  fixed-early-expiration-of-cached-pingone-protect-risk-evaluation-results: Fixed early expiration of cached PingOne Protect risk evaluation results
  fixed-an-issue-caused-by-sending-an-api-request-with-an-invalid-or-blank-risk-policy: Fixed an issue caused by sending an API request with an invalid or blank risk policy
  fixed-azure-ad-access-token-validation-issue: Fixed Azure AD access token validation issue
---

# PingAccess 7.3.1 (September 2023)

## Configure Microsoft Azure AD as a common token provider when protecting an API application

New PA-15369

PingAccess has made common token provider configuration more flexible:

* When you're [configuring the OAuth authorization server](../pingaccess_user_interface_reference_guide/pa_configuring_oauth_authz_servers.html) for a common token provider, the **Introspection Endpoint** field is now required only if you configure a remote access token validator on your PingAccess application.

* When you're [configuring an application](../pingaccess_user_interface_reference_guide/pa_application_field_descriptions.html), before you can select a remote access token validator from the **Access Validation** list, you must configure an **Introspection Endpoint** on the **OAuth Authorization Server** tab.

This increased flexibility enables you to configure Azure AD as the common token provider for protected API applications.

Because Azure AD doesn't have an `introspection` endpoint and doesn't include a client ID value in the tokens that it creates, you must use a key from the `JWKS` endpoint to validate tokens locally when you're protecting an API application. For more information, see [Configuring Azure AD as the common token provider when PingAccess is protecting an API application](../pingaccess_user_interface_reference_guide/pa_azure_ad_api_access_token_validation.html).

## Fixed UI rendering issue when optional field is missing from plugin

Fixed PA-15273

Fixed an issue that caused the PingAccess administrative console UI to fail to render if a newly added configuration field was missing from the plugin data that was saved previously.

For more information, see [create your own plugins](../agents_and_integrations/pa_create_your_own_plugins.html).

## Fixed `SniHandlerConfigBuilder` parameter keystore type declaration

Fixed PA-15270

Fixed an issue that caused the `SniHandlerConfigBuilder` to fail to declare a specific keystore type for the PingAccess `SslContext` server, which could result in PingAccess taking longer to start up if the target JVM's default keystore type was PKCS#12.

The `SniHandlerConfigBuilder` now specifically declares JKS as the keystore type to prevent unexpected performance losses.

## Fixed UI rendering breakage when using Groovy script fields in composite plugin fields

Fixed PA-15381

Fixed an issue that caused the PingAccess administrative console UI to display a blank page if you attempted to configure a Groovy script field within a plugin entity in a composite field.

For more information, see [create your own plugins](../agents_and_integrations/pa_create_your_own_plugins.html).

## Fixed form data registration of list fields in composite plugin fields

Fixed PA-15382

Fixed an issue that caused list fields embedded in composite plugin fields to register improperly in the form data for the PingAccess administrative console UI.

For more information, see [create your own plugins](../agents_and_integrations/pa_create_your_own_plugins.html).

## Fixed log category preferences not sticking on restart

Fixed PA-15390

Fixed an issue that caused PingAccess to reset an environment's configured [log setting categories](../pingaccess_user_interface_reference_guide/pa_log_settings.html) on startup.

## Fixed early expiration of cached PingOne Protect risk evaluation results

Fixed PA-15396

Fixed an issue with the [PingOne Protect integration](../agents_and_integrations/pa_p1risk_policy_eval_integration.html) that caused PingAccess to calculate expiration values for cached risk evaluation results in milliseconds instead of seconds. The unexpected value disabled token caching after a risk evaluation, because PingAccess received a false positive result indicating that the cached risk evaluation data had expired.

## Fixed an issue caused by sending an API request with an invalid or blank risk policy

Fixed PA-15399

Fixed an issue in which sending an API request with an invalid or blank risk policy resulted in a `NullPointerException` error.

## Fixed Azure AD access token validation issue

Fixed PA-15496

Azure AD creates an `Application (Client) ID` value that exceeds 36 characters and automatically assigns that value as the `Audience` value in the access token. This prevented PingAccess from validating Azure AD access tokens because PingAccess previously accepted a maximum of 32 characters for an `Audience` value.

PingAccess can now accept a longer `Audience` value.
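
The following Go sketch shows what validating an access token locally with a `JWKS` key involves, including the exact-match `Audience` comparison that a length limit would break. It is an added example, not PingAccess code: `Validate`, `Sample`, the throwaway signing key and the `api://...` audience value are constructed assumptions, and it checks a single key rather than selecting one from a key set.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var enc = base64.RawURLEncoding
// Validate verifies an RS256 token with one JWKS key (base64url n, e), then aud and exp.
func Validate(token, n, e, wantAud string, now int64) error {
	p := strings.Split(token, ".")
	nb, errN := enc.DecodeString(n)
	eb, errE := enc.DecodeString(e)
	if len(p) != 3 || errN != nil || errE != nil {
		return fmt.Errorf("malformed token or key")
	}
	sig, _ := enc.DecodeString(p[2]) // a bad encoding simply fails verification below
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil { // RS256 pinned; header alg ignored
		return fmt.Errorf("signature does not verify")
	}
	var c struct{ Aud string; Exp int64 } // claims are read only after the signature holds
	body, _ := enc.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || c.Aud != wantAud || now >= c.Exp {
		return fmt.Errorf("wrong audience or expired") // aud: exact match, no length cap
	}
	return nil
}

// Sample signs constructed claims with a throwaway key; returns the token and JWK n, e.
func Sample(aud string, exp int64) (string, string, string) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	claims, _ := json.Marshal(map[string]interface{}{"aud": aud, "exp": exp})
	in := enc.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + enc.EncodeToString(claims)
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + enc.EncodeToString(sig), enc.EncodeToString(key.N.Bytes()), "AQAB" // e = 65537
}
func main() {
	tok, n, e := Sample("api://00000000-0000-0000-0000-000000000000", 2000000000)
	fmt.Println(Validate(tok, n, e, "api://00000000-0000-0000-0000-000000000000", 1700000000))
}
```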
