PingAccess 7.3.2 (October 2023)
Configure Microsoft Azure AD as the token provider for administrative API OAuth
New PA-15518
Added support for OAuth tokens created by Microsoft Azure AD for administrative API OAuth. This improves account security for administrators with Microsoft Azure AD configured as the token provider and enables administrators to use their own accounts to configure PingAccess via admin API calls. Relaxed the following PingAccess requirements:
- If you’re using either a common token provider or administrative token provider configuration, you can now use a local access token validator to bypass administrative API OAuth validation that checks whether the token provider supports the introspection endpoint. This is necessary because Microsoft Azure AD does not have an introspection endpoint.
- The administrative API OAuth no longer enforces whether an administrative token contains a scope claim with a configurable value, because Microsoft Azure AD uses a scp claim instead.
Map SAML tokens as HTTP request headers
New PA-15525
Added the ability to map the SAML token received from a SAML token mediator site authenticator to an HTTP request header that you specify instead of mapping the token as a request cookie. For more information, see the Logged In Header Name field.
Fixed object ID override for key pairs and certificates imported through the administrative API
Fixed PA-15386
Fixed an issue that caused PingAccess to replace object IDs defined on key pairs or certificates imported through the administrative API with an auto-generated object ID.
Additionally, the POST /keyPairs/import and POST /certificates API models have been updated to include more information on how to assign an ID for these object types.