PingAccess 7.1 (June 2022) - PingAccess - 7.2

A new capability lets you configure and download an engine node registration file from the PingAccess UI. You can put this file on an engine node when it is first started to automatically register the engine node. For more information, see Configuring engine nodes using an auto-registration file.

Authentication requirements rules now include an option for maximum age. If the user has not authenticated within the specified timeframe, they are prompted to reauthenticate. For more information, see Adding an authentication requirements rule.

Ping Identity provides a plugin for Kong Gateway that enables PingAccess (and other Ping Identity products) to be used for policy decisions. For more information, see Kong API Gateway Integration.

PingAccess, when protecting applications as a gateway, adds support for protecting applications that rely on Integrated Windows Authentication (IWA). This gives IAM teams consistent, centralized access control and visibility for IWA-based applications, similar to their WAM-based applications (PingAccess does not mediate authentication methods for IWA-based applications. Authentication is negotiated between the browser and the IWA-based application, passing through PingAccess). For more information, see IWA Integration.

A new SPA Support Disabled Authentication Challenge Policy (ACP) has been added that behaves the same as previously seen when Applications were set with SPA Support disabled. Additionally, added an ability to define a default ACP to be set when creating new applications in the PingAccess administrative UI. For more information, see changes to Application field descriptions and System defaults, and Configuring authentication challenge policies.

The PingAccess Runtime Authentication Challenge Policy behavior is modified to incorporate a default CSP header in the response. Additionally, default content-security-policy headers have been added for various error responses generated by PingAccess. For more information, see changes to Configuration file reference.

PingAccess can authenticate to PingFederate administrative APIs using OAuth2 by sending a bearer token in the requests PingAccess makes to the PingFederate administrative API. For more information, see Configuring PingFederate administration.

Fixed a potential security issue with basic authentication.

Fixed a potential security issue.

Fixed a potential security issue.

Fixed a potential security issue.

Fixed a potential security issue.

PingAccess upgraded to Log4j version 2.17.1.

Added a default memory limit on the CSD tool.

Fixed an issue that restricted the available certificate IDs for agents, engines, and replica administrative nodes.

Fixed an issue that prevented an authentication requirements list from correctly displaying the related authentication requirements rule after an attempt to edit it.

Fixed an issue where PingAccess could not use non-FIPS HSM key pairs at runtime.

Resolved an issue by disabling the DB password check in Derby.

Fixed an issue where nonce cookies were not removed when SLO is not enabled.

Fixed an issue with API swagger where the GET Response Class Models and Operational Models did not reflect the actual response.

Fixed an issue where custom load balancing strategies that returned custom TargetHosts would result in runtime exceptions.

Fixed an issue where the rule.error.headers additional headers did not display from policy rule results.

BC-FIPS and HSMs are not supported when using Java 17.

If a client certificate has a certificate revocation list (CRL) DistributionPoint that points to an extremely large CRL, PingAccess might suffer from high memory usage leading to Out of memory (OOM) exceptions.