PingFederate 12.1.11 (May 2026)

New features and enhancements

Unconnected cluster node startup

Improved PF-38898

PingFederate now supports the force.require.replication.data.on.startup parameter in the cluster-config-replication.conf file. This parameter allows you to prevent an engine node from starting up without establishing a connection to the cluster and retrieving replication data.

Learn more in Cluster management.

Resolved issues

OGNL code test access control

Security PF-38742

We improved role-based access control (RBAC) for the administrative expression-testing endpoint. Access to expression evaluation is now limited to appropriately privileged roles, ensuring it aligns with intended administrative permissions.

URL validation for RelayState

Fixed PF-38028

We fixed a defect where PingFederate would reject requests with valid, non-encoded RelayState values.

Administrative API authentication

Fixed PF-38393

We fixed a defect that allowed Basic Authentication to access the Administrative API even when Basic Authentication was disabled in the pf.admin.api.authentication property.

Authentication policy error

Fixed PF-38623

We fixed a defect that caused an error when authentication policies with a Requested AuthN Context authentication had Add or Update AuthN Context Attribute enabled.

Dynamic JWKS rotation timer

Fixed PF-38903

We fixed a defect that prevented the dynamic JWKS rotation timer from resetting after a node joined a cluster.

PingFederate Server