Upgrade considerations - PingAccess

Page created: 26 Jul 2021 |

Page updated: 14 Dec 2022

| 3 min read

7.0 PingAccess Product IT Administrator Administrator Audience Release Notes Content Type

Specific changes in PingAccess might require additional steps during an upgrade to the latest version.

Java 8

As we continue to improve our products and HSM integrations, we encourage our customers to migrate off of Java 8. We intend to remove Java 8 support from our qualification process in May 2023. For more information, including Java 11 support, see Installation requirements.

Microsoft Internet Explorer 11

Ping Identity commits to deliver the best experience for our administrators and users. As we continue to improve our products, we encourage our customers to migrate off of Microsoft Internet Explorer 11. We intend to remove Internet Explorer 11 from our qualification process in December 2021.

Performing a zero downtime upgrade from 6.0, 6.0.1, 6.0.2, or 6.0.3 to a later version

If you are using PingAccess 6.0, 6.0.1, 6.0.2, or 6.0.3, zero downtime upgrades to later versions can fail due to PKCE changes.

To prevent this issue, edit your existing web sessions and enable PKCE support.

Click Access and then click Web Sessions > Web Sessions.
Expand the web session and click .
Click Show Advanced.
Click Enable PKCE.
Edit the web session. Click Save.
Repeat these steps for each web session.

New templates for error and logout pages

PingAccess 6.1 updated several error and logout page template files to modernize their appearance and remove Ping branding:

general.loggedout.page.template.html
general.error.page.template.html
admin.error.page.template.html
policy.error.page.template.html

For more information about the templates, see User-facing page customization reference. If you have previously customized the template files, you can re-customize them using the new files.

Using a proxied PingFederate deployment

PingAccess 6.2 Beta introduced the ability to configure a proxied PingFederate deployment through PingAccess. If you have manually configured a similar deployment in an earlier version of PingAccess, you can continue to use it. If you plan to switch, review the configuration options in the proxied PingFederate deployment UI to verify that it can manage the use cases of your current configuration, and remove any PingFederate-related applications before migrating the configuration.

SPA support

The SPA support check box was removed from the Admin UI for web type applications in PingAccess 6.2. As a result, all web type applications created in the admin UI in PingAccess 6.2 and later have SPA support enabled by default. The SPA support check box is still available for API type applications and Web + API type applications. For more information, see Application field descriptions.

Note:

If the default settings for SPA support with web type applications aren't compatible with your environment or with a specific application, create an authentication challenge policy to replace these settings and achieve the desired behavior. For more information, see Configuring authentication challenge policies.