PingFederate 11.3.2 (September 2023)

New features and enhancements

Authenticating to Azure SQL Managed Instance through Azure Active Directory

Improved

Now PingFederate supports authentication to Azure SQL Managed Instance through Azure Active Directory without a username and password. For more information, see Configuring a JDBC connection.

Jetty library upgrade

Improved

We upgraded the Jetty library to 9.4.52.v20230823.

Resolved issues

One-time link in password-reset email messages

Fixed PF-33983

When using redirectless mode, now the one-time link (OTL) in password-reset email messages returns users to the authentication API application configured for the policy, rather than to PingFederate.

Incorrect error template when using service provider authentication policies

Fixed PF-34111

When a service provider (SP) authentication policy fails, PingFederate now renders the sp.sso.error.page.template.html page instead of the idp.sso.error.page.template.html page.

Updating OAuth clients with dynamic client registration

Fixed PF-34146

Fixed a defect where an OAuth client created with dynamic client registration (DCR) couldn’t be updated with DCR after it was modified with the administrative console.

Idle JDBC datastore connections

Fixed PF-34163

Now PingFederate closes idle JDBC datastore connections until the minimum pool size is reached instead of closing and recreating all of them.

The `id_token_jti` property in token endpoint responses

Fixed PF-34210

The id_token_jti property is no longer included in token endpoint responses.

Administrative API defect when fragment rules have Default to Success disabled

Fixed PF-34216

Fixed an administrative API defect when a fragment rule had Default to Success disabled

Email notifications for licensing events even when disabled

Fixed PF-34225

Resolved an issue that caused PingFederate to send email notifications for licensing events even though they were disabled in the Runtime Notifications configuration.

PingFederate Server