PingAccess

PingAccess Agent for IIS release notes

These release notes summarize the changes in current and previous PingAccess agent for Internet Information Services (IIS) updates. Updated July 11, 2024.

PingAccess Agent for IIS 1.5 (July 2024)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.4.

Cache multiple token-types for Web + API applications

New PA-15516

If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. For more information, see the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes, and the agent.cache.defaultTokenType property on the IIS agent configuration page.

Existing agent environments ignore the new vnd-pi-token-cache-oauth-ttl header and additional paths in the vnd-pi-resource-cache header.

To see the performance boost, upgrade to PingAccess 8.1 and upgrade to the latest version of the IIS agent. Otherwise, continue to use an earlier agent version.

Block bad characters in IIS agent deployments

New PAA-251

Configure the PingAccess agent for IIS to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision.

Added eight new properties to the agent:

  1. agent.request.block.xss.characters

  2. agent.request.block.uri.characters

  3. agent.request.block.query.characters

  4. agent.request.block.form.characters

  5. agent.request.block.xss.http.status

  6. agent.request.block.uri.http.status

  7. agent.request.block.query.http.status

  8. agent.request.block.form.http.status

Learn more in the IIS agent configuration configuration page.

For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.

Configure the IIS agent to ignore CRL checking if revocation server is unresponsive

Improved PAA-265

Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.

This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking. Learn more in IIS agent configuration.

PingAccess Agent for IIS 1.4.4 (July 2021)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.3.

Added agent inventory response

New PAA-224

Added agent inventory response.

PingAccess Agent for IIS 1.4.3 (December 2020)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.3.

Disable IIS caching only when modifying response

Improved PAA-202

Updated the agent to only disable IIS caching when the agent modifies the response. This preserves performance while mitigating an IIS session swapping vulnerability.

PingAccess Agent for IIS 1.4.2 (July 2020)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.3.

Fixed application pool crashing

Fixed PAA-194-15776

Fixed an issue that caused intermittent application pool crashes.

PingAccess Agent for IIS 1.4.1 (February 2020)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.2.1.

Fixed a potential security issue

Security

Fixed a potential security issue.

PingAccess Agent for IIS 1.4 (June 2019)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.2.0.

Set the policy caching mechanism in agent.properties

New PAA-105

Added ability to set policy caching mechanism using a property in the agent.properties file.

Manage agent processing for a request based on the note field

New

Added ability to enable or disable agent processing for a request based on a note field.

Fixed a potential security issue

Security

Fixed a potential security issue.

PingAccess Agent for IIS 1.3.2 (November 2018)

Fixed a potential security issue

Security

Fixed a potential security issue.

PingAccess Agent for IIS 1.3 (January 2017)

Agent for SDK compatibility

Improved

Updated to version 1.1.1 of the PingAccess Agent SDK for C.

Use IIS 10 on Windows Server 2016

New

Added support for IIS 10 on Windows Server 2016.

Fixed IIS Preload Enabled setting

Fixed

Resolved an issue with the IIS Preload Enabled setting.

PingAccess Agent for IIS 1.2.1 (November 2016)

Configure the Preload Enabled setting in IIS

New

Added support for the Preload Enabled setting in IIS.

Security enhancements

Security

Made agent security enhancements.

PingAccess Agent for IIS 1.2 (August 2016)

Agent SDK for C compatibility

Improved

Updated to version 1.0.1 of the PingAccess Agent SDK for C.

PingAccess Agent for IIS 1.1.2 (February 2016)

Fixed an issue preventing custom request headers from setting

Fixed

Addressed issue with custom request headers not being set when URL contains query string parameters.

PingAccess Agent for IIS 1.1.1 (September 2015)

Use the IIS WebSphere plugin

New

Addressed compatibility with the IIS plugin for WebSphere.

PingAccess Agent for IIS 1.1 (December 2014)

Compatibility with IIS 7.0 running on Windows Server 2008

New

Added Support for Microsoft Internet Information Services (IIS) 7.0 running on Windows Server 2008.

Compatibility with IIS 7.5 running on Windows Server 2008 R2

New

Added Support for Microsoft Internet Information Services (IIS) 7.5 running on Windows Server 2008 R2.

Compatibility with IIS 8.0 running on Windows Server 2012 Datacenter Edition

New

Added Support for Microsoft Internet Information Services (IIS) 8.0 running on Windows Server 2012 Datacenter Edition.

Fixed a potential security issue

Security

Fixed a potential security issue related to caching (SECBL007). This security bulletin is available in the Ping Identity Support Portal (https://support.pingidentity.com/s/).

PingAccess Agent for IIS 1.0 (July 2014)

Initial release

Info

Initial release of the PingAccess Agent for IIS.