PingAccess 7.2.1 (April 2023)

Added RHEL 9 support to PingAccess

New PA-15174

Added support for RHEL 9 to version 7.2 of PingAccess, and the most recent versions of the PingAccess agent for NGINX and the PingAccess agent for Apache (RHEL). For more information, see the following topics:

Added UI controls for risk policy configuration

New PA-15152

Added two new pages in the administrative console, PingOne Connections and Risk Policies, as well as new configuration options on the Application and Application Resource tabs. These UI controls simplify the process of setting up a PingOne Protect integration for web applications. For more information, see the following topics:

For more information on how to establish a connection between PingOne Protect and PingAccess, see PingOne connections.
For more information on how to create a risk policy, see Risk policies.
For more information on how to assign a risk policy to a specific application or application resource, see the Application Type table entry in Application field descriptions or step 11 of Adding application resources.

PingOne risk policy integration maps user-agent header manually

Fixed PA-15153

PingAccess wasn’t sending the browser.userAgent parameter to PingOne Protect because PingAccess doesn’t currently support device profiling (which would normally collect this parameter). In the absence of device profiling, PingAccess now attempts to map this parameter manually and send it to PingOne Protect.

Redirect and templated authentication challenges now set PingAccess cookies

Fixed PA-15154

PingAccess now proactively sets web session cookies for Redirect and Templated authentication challenges when you select the Append Redirect Parameters check box on one of those two challenge generators. Adding web session cookies helps the frontend application to interpret redirect or templated challenge responses and begin the appropriate authentication procedure.

Improved vague error response message when PingOne Credential is blank or null

Fixed PA-15165

The response message PingAccess returns for errors generated when an administrator adds or updates a PingOne connection has been improved to specify that the credential must not be null, empty, or blank.

Adjusted agent token cache TTLs to reflect risk policy evaluation intervals

Fixed PA-15166

Corrected an issue with token cache time to lives (TTLs) on agent applications that use the PingOne Protect integration. The agent token cache TTLs no longer prioritize an application’s web session Idle Timeout over the Risk Check Interval or Authentication Validity Period defined in the application’s risk policy.

Fixed default removal of active session state cookies from requests

Fixed PA-15167

Corrected an issue where PingAccess would remove active session state cookies from requests by default. If a component relies on the session state cookie, its absence can cause unexpected behavior, so PingAccess now removes session state cookies conditionally.