Configure Microsoft Azure AD as the token provider for administrative API OAuth
Added support for OAuth tokens created by Microsoft Azure AD for administrative API OAuth. This improves account security for administrators with Microsoft Azure AD configured as the token provider and enables administrators to use their own accounts to configure PingAccess via admin API calls. Relaxed the following PingAccess requirements:
- If you're using either a common token provider or administrative token provider configuration, you can now use a local access token validator to bypass administrative API OAuth validation that checks whether the token provider supports the introspection endpoint. This is necessary because Microsoft Azure AD does not have an introspection endpoint.
- The administrative API OAuth no longer enforces whether an
administrative token contains a
scope
claim with a configurable value, because Microsoft Azure AD uses ascp
claim instead.
Map SAML tokens as HTTP request headers
Added the ability to map the SAML token received from a SAML token mediator site authenticator to an HTTP request header that you specify instead of mapping the token as a request cookie. For more information, see the Logged In Header Name field.
Fixed object ID override for key pairs and certificates imported through the administrative API
Fixed an issue that caused PingAccess to replace object IDs defined on key pairs or certificates imported through the administrative API with an auto-generated object ID.
Additionally, the POST /keyPairs/import
and POST
/certificates
API models have been updated to include more
information on how to assign an ID for these object types.
Fixed exclusion of admin API OAuth configuration from bulk export
Fixed an issue that caused admin API OAuth settings to be excluded from bulk export operations if you configure admin API OAuth with an access token validator but haven't set client credentials.