PingAccess

Agent SDK for C 1.4 (July 2024)

Added support for RHEL 9

New

Added support for RHEL 9.

Cache multiple token-types for Web + API applications in Apache and IIS agent deployments

New PA-15516

If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. For more information, see the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes, and the agent.cache.defaultTokenType property on the desired agent configuration page.

Existing agent environments ignore the new vnd-pi-token-cache-oauth-ttl header and additional paths in the vnd-pi-resource-cache header.

To see the performance boost, upgrade to PingAccess 8.1 and upgrade to the latest version of the agent. Otherwise, continue to use an earlier agent version.

Block bad characters in Apache and IIS agent deployments

New PAA-251

Configure a PingAccess Apache agent or the PingAccess agent for IIS to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision.

Added eight new properties to each agent:

  1. agent.request.block.xss.characters

  2. agent.request.block.uri.characters

  3. agent.request.block.query.characters

  4. agent.request.block.form.characters

  5. agent.request.block.xss.http.status

  6. agent.request.block.uri.http.status

  7. agent.request.block.query.http.status

  8. agent.request.block.form.http.status

Learn more in the configuration page for your agent:

For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.

Configure the IIS agent to ignore CRL checking if revocation server is unresponsive

Improved PAA-265

Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.

This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking. Learn more in IIS agent configuration.