Regular channel changelog version 21027.2

FRAAS-28387: Invites for Advanced Identity Cloud tenant registration now use a one-time passcode (OTP) instead of a magic link. This change prevents email scanners from accidentally invalidating single-use links.

AME-29745: Improved the certificate validation process in the Certificate Collector and Certificate Validation nodes. By default, Advanced Identity Cloud collects the first certificate in a certificate chain (the user certificate). You can now create an ESV named esv-am-nodes-certificatechain-validation-enforced and set its value to true to collect the chain of certificates.

AME-33851: You can now use next-generation scripts for social identity provider transformation scripts.

OPENAM-23610: The default value for the Return challenge as JavaScript (Legacy) property on the WebAuthn Authentication and WebAuthn Registration nodes is now not enabled. Ping Identity recommends that you keep this setting.

OPENAM-25329: The PingOne Protect Initialize node now includes an Additional Signals SDK Initialization Options attribute. This allows you to configure options that aren’t already defined in the node. The PingOneProtectInitializeCallback has been updated with new fields to support this.

OPENAM-25677: The PingOneProtectInitializeCallback now includes a universalDeviceIdentification field, which replaces the deprecated enableTrust field. The enableTrust field is still returned for backward compatibility.

IGA-4186^[1]: Fixed an issue for user LCM in the hosted account pages where large user populations weren’t correctly sorted and paginated.

OPENAM-22698: Fixed a bug that caused duplicate URIs in WS-Federation responses.