PingFederate Server

PingFederate 11.1.3 (December 2022)

Enhancements and resolved issues in PingFederate 11.1.3.

Improvements to custom revocation checker

Fixed PF-32395

We’ve improved PingFederate’s custom revocation checker, ensuring that when the server returns stapled Online Certificate Status Protocol (OCSP) responses, PingFederate invokes the checker. Previously, PingFederate used the default revocation checker to validate these responses, which could cause single sign-on (SSO) failures with BCFIPS mode enabled. For more information, see Configuring certificate revocation.

Cluster replication notifications

Fixed PF-32398

We’ve improved notifications to signal to administrators when a replication failure occurs or when changes to the cluster configuration require replication. For more information, see Cluster management.

Null pointer exception during dependency error detection

Fixed PF-32553

During PingFederate dependency error detection, OGNL expressions in adapter-to-adapter mappings no longer raise a null pointer exception (NPE).

PingFederate updates to HSM ordering

Fixed PF-32556

We’ve updated the recommended security provider ordering for the Thales Luna Network hardware security module (HSM) to address an issue where temporary keys and sessions could accumulate on the HSM, eventually resulting in resource exhaustion. A limitation of the new ordering is that EC certificates can no longer operate as SSL server certificates. For details on the new order, see Integrating with Thales Luna Network HSM.