Previous AD Connect Releases

TLS Support

AD Connect 5.0.1 supports TLS 1.2 as we prepare to End of Life TLS 1.0. and 1.1. See TLS 1.0 and TLS 1.1 End of Life in PingOne for Enterprise for more information.

New installations and upgrades to AD Connect 5.0.1 require the installation of Microsoft .NET Framework 4.7.2. See Installing AD Connect for more information.

Active Directory Global Catalog

(AD Connect only) You can now elect to use the Active Directory Global Catalog for lookups. The option to enable the Global Catalog is in the AD Connect Configuration section of the AD Connect setup (Setup → Identity Repository → Connect to an Identity Repository → AD Connect). See AD Connect final setup for more information.

Branding

(AD Connect) You can now assign branding for the login and password reset pages. See Assign AD Connect branding and designs for more information.

SSD-10054

(AD Connect) Fixed an issue where AD Connect did not allow duplicate values in an Octet String attribute.

TLS 1.1 and 1.2 now supported

We’ve added support for TLS 1.1 and 1.2. (SSD-8913).

SSD-6889

(AD Connect) Fixed an issue where AD Connect was prevented from reconnecting to PingOne if an error was encountered while attempting to connect.

(AD Connect) Added logging of authentication method

We updated AD Connect logging to distinguish the method a user employs to authenticate (such as, IWA or Forms-based). (SSD-6103).

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

Invalid credential errors

Invalid credential errors are now logged at the Debug level, rather than the Error level as previously. (SSD-5372, SSD-5501).

PINGONESTG-2489, SSD-5501

(AD Connect with IIS only) Fixed an issue where communication issues with the DC were being masked by other error messages.

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

Invalid credential errors

(AD Connect with IIS only) Invalid credential errors are now logged at the Debug level, rather than the Error level as previously. (SSD-5372).

PINGONESTG-2447, SSD-5372

(AD Connect with IIS only) Fixed an issue in AD Connect with IIS where look ups for additional user information were sometimes incorrectly based on the user’s email domain instead of the Windows domain, as expected.

PINGONESTG-2455, SSD-5372

Fixed an issue where AD Connect could unintentionally be configured to strip the email domain from the username before trying to look up the user information based on their email (which would always fail). The Strip Email setting is now disabled for email-based lookup.

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

Debug logging

We’ve improved debug logging (PINGONESTG-2292).

PINGONESTG-2413

Fixed an issue where a user’s thumbnail photo attribute wasn’t encoded properly.

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

PINGONESTG-2377

Fixed an issue where the photo attribute wasn’t encoded properly.

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

SSD-4726

Fixed an issue when using Filter as the lookup method with "Strip mail" disabled. AD Connect was appending the domain name if the user didn’t include it.

SSD-5013

Fixed an issue where, under certain conditions, errors were being displayed without the proper styling.

PINGONESTG-2341

Fixed issue where static resources weren’t loaded correctly on some pages.

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

PINGONESTG-2251

Fixed an issue with filter-based authentication where disabling the Strip Email resulted in appending the Windows domain to usernames during the lookup.

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

SSD-4121

(AD Connect) Fixed an issue where concurrent SSO requests using IWA were resulting in network collisions.

ID-1357

Fixed an issue that was causing some users to get an HTTP Error 400 when attempting to SSO to ZScalar from AD Connect.

ID-1289

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

SSD-3870

If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one.

SSD-4139

Fixed an issue where a user’s middle name attribute could not be used in a SAML assertion.

ID-5623

Fixed an issue where AD Connect was providing PingOne with the computer name, rather than the fully qualified domain name (FQDN).

ID-5826

Fixed an issue where the connection to PingOne can intermittently be lost under certain conditions.

ID-5838

When you use a custom theme.zip with AD Connect with IIS, the favicon is placed in the root directory. This prevents the custom theming from handling the state properly.

ID-361

Fixed an issue where AD Connect wasn’t sending the address attributes in the SCIM User object if the StreetAddress attribute wasn’t set.

Provisioning

For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain’s provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315.

ID-5012

Fixed an issue where users had no access to applications until the AD Connect Configuration service was restarted.

ID-4705

Fixed an issue where PingID needed to be re-enabled after upgrading AD Connect.

Provisioning

For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain’s provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315.

ID-4668

Fixed an issue where the AD Connect for IIS installation wasn’t finding the required .NET version, although it was installed.

ID-4650

Fixed an issue where provisioning for AD Connect was failing.

Provisioning

For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain’s provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315.

ID-4010

Fixed an issue where SSO wasn’t working unless you restarted the AD Connect Configuration Service.

Provisioning

For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain’s provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315.

ID-3995

Fixed an issue where you weren’t able to select the Provisioner Only option using a mouse or trackpad.

Provisioning

For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain’s provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315.

ID-3613

Fixed an issue where the installation instructions in the header of the screen to select the installation type weren’t being displayed properly.

ID-3501

Fixed the naming of the AD Connect with IIS selection on the installation type screen.

ID-2277

Fixed issue where the option to require a password on an initial login wasn’t enabled by default.

ID-2222

Fixed display of popup window to authorize an AD Connect update.

ID-2117

Fixed error when configuring IdP using a new account.

ID-2074

Fixed error when switching to edit mode from the settings summary page after previously exiting edit mode without making any changes.

AD Connect application requests redirected to the PingOne dock (ID-1441)

If you are using AD Connect and experiencing an issue where your application requests are being redirected to the PingOne dock when you aren’t using the dock, enable the stateless option for AD Connect:

ID-2277

Fixed issue where the option to require a password on an initial login wasn’t enabled by default.

ID-2222

Fixed display of popup window to authorize an AD Connect update.

ID-2117

Fixed error when configuring IdP using a new account.

ID-2074

Fixed error when switching to edit mode from the settings summary page after previously exiting edit mode without making any changes.

AD Connect application requests redirected to the PingOne dock (ID-1441)

If you are using AD Connect and experiencing an issue where your application requests are being redirected to the PingOne dock when you aren’t using the dock, enable the stateless option for AD Connect:

ID-1306

Fixed a misleading error message when attempting to communicate with PingOne.

AD Connect application requests redirected to the PingOne dock (ID-1441)

If you are using AD Connect and experiencing an issue where your application requests are being redirected to the PingOne dock when you aren’t using the dock, enable the stateless option for AD Connect:

ID-246

Fixed an issue where the distinguishedName include::pingone_for_enterprise:partial$p14e_p1refs_ad.adoc[tags=AD]attribute wasn’t being sent for provisioning.

ID-242

Fixed an issue where the attribute were being converted to all lowercase.

None

(None to report for this release.)

None

(None to report for this release.)

PINT-524

Fixed exception when selecting CA signed certificate during installation.

Various

Minor fixes.

PINT-277

Fix an issue where the subject is missing when the user principal name (UPN) isn’t specified for the user.