PingFederate 13.0.1 (February 2026)

New PF-38501

We’ve added a feature that allows you to disable automatic validation of IdP adapters when you go to the Authentication > Integration > IdP Adapters menu.

Disabling automatic validation can reduce loading time if you have a large number of IdP adapters configured.

Learn more in Disabling automatic IdP adapter validation.

Info PF-38526

We’ve added a new configuration option to limit the Pushed Authorization Request (PAR) to the parameters mentioned in the specification when the connection is configured to use JWT-secured Authorization Request (JAR).

Info PF-38538

We’ve upgraded log4j-core to version 2.25.3.

This upgrade ensures continued alignment with maintained upstream dependencies and resolves a potential security vulnerability.

Fixed PF-38417

We’ve fixed a defect where setting response_mode to pi.flow in Pushed Authorization Requests (PAR) or standard request objects resulted in an INVALID_REQUEST error.

Fixed PF-38548

We’ve fixed a defect that caused dynamic client registration to fail when Retain Client Secret was enabled and Client Secret Retention Period was set globally in Authorization Server Settings.

Fixed PF-38585

We’ve fixed a defect that prevented PingFederate from creating, updating, or testing Kerberos realms when the AutoGenerateKrb5Conf parameter was set to false in the com.pingidentity.common.util.KerberosConfigUtil file.

Fixed PF-38585

We’ve fixed a defect where PingFederate temporarily overwrote the krb5.conf file during Kerberos realms testing when AutoGenerateKrb5Conf was disabled.

Fixed PF-38595

We’ve fixed a defect that caused the heartbeat endpoint to be potentially unresponsive in rare concurrent access situations.

Fixed PF-38623

We’ve fixed a defect that caused an error when authentication policies with a Requested AuthN Context Authentication had Add or Update AuthN Context Attribute enabled.