PingFederate Server

PingFederate 11.2.5 (May 2023)

Logging validation

Fixed PF-32764

We’ve improved logging validation.

Multi-value request parameters for OIDC for console login

Fixed PF-32783

We fixed an issue where multi-value request parameters were not working as expected when using OIDC for console login.

Preservation of changes to certain validation rules

Fixed PF-33093

We fixed an issue where PingFederate did not preserve changes to certain validation rules in the http-request-parameter-validation.xml file upon upgrade.

SAML login session tracking

Fixed PF-33168

We improved SP-initiated SAML login session tracking. This security improvement can affect existing SAML SP connections that rely on multiple session states in a single transaction.

For more information about how your configuration can be affected, and the steps to resolve issues, see Solicited SAML Response Validation in the Ping Identity Support Portal.

OTL reset page error messaging

Fixed PF-33307

The one-time link (OTL) reset page now displays an error message when the link is expired.

Access token bug fix

Fixed PF-33342

We resolved an issue where an access token might not include the pi.sri claim after refresh. This issue occurs only when reuse of existing access grants is enabled.

Attribute retrieval

Fixed PF-33484

In OAuth and OpenID Connect (OIDC) flows, external consent adapters can now retrieve attributes from the chained attributes map.

LDAP bug fix

Fixed PF-33503

We fixed an LDAP issue where new access grant records were not created with new scopes when Reuse Existing Persistent Access Grants for Grant Types was enabled.

ID token ACR claim

Fixed PF-33557

We resolved an issue where an ID token would not include the Authentication Context Class Reference (ACR) claim if an old client secret was used during the retention period.

Redundancies in key algorithm generation

Fixed PF-33607

We fixed an issue that affected cluster replication when PingFederate was deployed with AWS CloudHSM. When replication was initiated, engines generated a number of temporary key pairs, and the increased load on the HSM could trigger SSO errors.