PingFederate 12.0.1 (February 2024)
New features and enhancements
Runtime notification when thread dumps are enabled but log4j2.xml is not configured
Improved PF-34832
Added a feature to generate a warning message on the Runtime Notifications tab if you have enabled thread dumps, but you have not configured the ThreadDumpAppender and ThreadDumpLogger properties in the log4j2.xml file.
To learn more about configuring thread pool exhaustion events, see Configuring runtime notifications.
Randomly generated provisioner node IDs
Improved PF-30913
Added a feature allowing you to generate random provisioner.node.id values.
To learn more about configuring provisioners, see Deploying provisioning failover.
Custom KeyID
Improved PF-34883
Added a feature allowing administrators to define custom KeyID values for static OAuth and OIDC keys and token signing keys.
Fixed a defect that caused PingFederate to not publish the alg parameter on the JWKS endpoint. This issue occurred for dynamically-generated EC signing keys on engine nodes.
To learn more about keys, see Keys for OAuth and OpenID Connect.
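The following added example (not part of the PingFederate documentation or product code) shows one way to audit a JWKS document after upgrading: it flags keys with no alg, keys with a missing or duplicated kid, and EC keys whose alg does not match their curve under RFC 7518. The function name audit_jwks and the sample JWKS are constructed for illustration.

```python
import json

# RFC 7518 pairs each NIST curve with exactly one ECDSA JWS algorithm.
EC_ALG_FOR_CRV = {"P-256": "ES256", "P-384": "ES384", "P-521": "ES512"}


def audit_jwks(jwks):
    """Return (key label, problem) tuples for keys a relying party could mishandle."""
    findings = []
    seen = set()
    for index, key in enumerate(jwks.get("keys", [])):
        kid = key.get("kid")
        label = kid if kid else f"<key #{index}>"
        if not kid:
            findings.append((label, "missing kid"))
        elif kid in seen:
            # Custom KeyID values are chosen by administrators, so they can collide.
            findings.append((label, "duplicate kid"))
        seen.add(kid)
        alg = key.get("alg")
        if not alg:
            # alg is optional in RFC 7517, but clients that pin algorithms rely on it.
            findings.append((label, "missing alg"))
        elif key.get("kty") == "EC":
            crv = key.get("crv")
            if alg != EC_ALG_FOR_CRV.get(crv):
                findings.append((label, f"alg {alg} does not match crv {crv}"))
    return findings


# Constructed sample document (hypothetical kids, placeholder coordinates).
SAMPLE_JWKS = json.loads("""
{"keys": [
  {"kty": "EC", "kid": "custom-ec-1", "use": "sig", "crv": "P-256", "alg": "ES256",
   "x": "placeholder", "y": "placeholder"},
  {"kty": "EC", "kid": "dynamic-ec-2", "use": "sig", "crv": "P-384",
   "x": "placeholder", "y": "placeholder"},
  {"kty": "EC", "kid": "custom-ec-1", "use": "sig", "crv": "P-521", "alg": "ES256",
   "x": "placeholder", "y": "placeholder"}
]}
""")

if __name__ == "__main__":
    for label, problem in audit_jwks(SAMPLE_JWKS):
        print(f"{label}: {problem}")
```

To use it against a deployment, save the JWKS endpoint response to a file and pass the parsed JSON to audit_jwks.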
Resolved issues
REST datastore security vulnerability
Security PF-34720
Fixed a JSON injection vulnerability in REST datastores described in security advisory SECADV044.
Runtime nodes security vulnerability
Security PF-34896
Fixed a path traversal vulnerability in Runtime nodes described in security advisory SECADV044.
OpenID Connect policy management editor security vulnerability
Security PF-35081
Fixed a Cross-Site Scripting vulnerability in the OpenID Connect Policy Management Editor described in security advisory SECADV044.
GET SAML request signature processing error
Fixed PF-34641
Fixed a defect where SAML requests using the HTTP GET method with multiple signature-related parameters encoded in the RelayState parameter caused errors in processing signature validation.
NPE notification error
Fixed PF-34813
Fixed a defect that caused PingFederate to issue null pointer exception (NPE) errors when querying the token endpoint.
Certificate expiry notification error
Fixed PF-34854
Fixed a defect that caused the certificate expiry warning notification icon to remain when there were no notifications to display.
Reencryption causes connection or client to fail on engine
Fixed PF-34409
Fixed a defect where changes made on the administrative console were not replicated to the engine during reencryption.
JMX registration failure for imported archives
Fixed PF-34796
Fixed a defect that caused JMX monitoring to fail to register archive files that are imported to PingFederate.
Content type changes if well_known endpoint response is too large
Fixed PF-34865
Fixed a defect that caused the content-type of a response from the well_known endpoint to change from JSON to HTML if the response was too large.
PingFederate displays unlock your account page for unlocked users
Fixed PF-34701
Fixed a defect that caused PingFederate to display an unlock your account page during self-service password reset for accounts that are not locked.
RHEL 8 using OS-level FIPS causes PingFederate failure
Fixed PF-34879
Fixed a defect that caused PingFederate to fail on startup when installed on a Red Hat Enterprise Linux (RHEL) server with OS-level FIPS enabled.
Error message for authentication policy fragment with invalid localIdentityRef
Fixed PF-34882
Fixed a defect that returned a 500 error with no details when an authentication policy fragment had a LOCAL_IDENTITY_MAPPING action with an invalid localIdentityRef ID.