PingAccess Agent for IIS release notes
These release notes summarize the changes in current and previous PingAccess agent for Internet Information Services (IIS) updates. Updated July 11, 2024.
PingAccess Agent for IIS 1.5 (July 2024)
Cache multiple token-types for Web + API applications
New PA-15516
If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. For more information, see the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes, and the agent.cache.defaultTokenType property on the IIS agent configuration page.
|
Existing agent environments ignore the new To see the performance boost, upgrade to PingAccess 8.1 and upgrade to the latest version of the IIS agent. Otherwise, continue to use an earlier agent version. |
Block bad characters in IIS agent deployments
New PAA-251
Configure the PingAccess agent for IIS to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision.
Added eight new properties to the agent:
-
agent.request.block.xss.characters -
agent.request.block.uri.characters -
agent.request.block.query.characters -
agent.request.block.form.characters -
agent.request.block.xss.http.status -
agent.request.block.uri.http.status -
agent.request.block.query.http.status -
agent.request.block.form.http.status
Learn more in the IIS agent configuration configuration page.
|
For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision. |
Configure the IIS agent to ignore CRL checking if revocation server is unresponsive
Improved PAA-265
Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.
This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking. Learn more in IIS agent configuration.
PingAccess Agent for IIS 1.4 (June 2019)
Set the policy caching mechanism in agent.properties
New PAA-105
Added ability to set policy caching mechanism using a property in the agent.properties file.
PingAccess Agent for IIS 1.1 (December 2014)
Compatibility with IIS 7.0 running on Windows Server 2008
New
Added Support for Microsoft Internet Information Services (IIS) 7.0 running on Windows Server 2008.
Compatibility with IIS 7.5 running on Windows Server 2008 R2
New
Added Support for Microsoft Internet Information Services (IIS) 7.5 running on Windows Server 2008 R2.
Compatibility with IIS 8.0 running on Windows Server 2012 Datacenter Edition
New
Added Support for Microsoft Internet Information Services (IIS) 8.0 running on Windows Server 2012 Datacenter Edition.
Fixed a potential security issue
Security
Fixed a potential security issue related to caching (SECBL007). This security bulletin is available in the Ping Identity Support Portal (https://support.pingidentity.com/s/).