PingAccess 7.2.1 (April 2023) - PingAccess - 7.3


PingAccess 7.3

Added RHEL 9 support to PingAccess


Added support for RHEL 9 to version 7.2 of PingAccess, and the most recent versions of the PingAccess agent for NGINX and the PingAccess agent for Apache (RHEL). For more information, see the following topics:

Added UI controls for risk policy configuration


Added two new pages in the administrative console, PingOne Connections and Risk Policies, as well as new configuration options on the Application and Application Resource tabs. These UI controls simplify the process of setting up a PingOne Protect integration for web applications. For more information, see the following topics:

PingOne risk policy integration maps user-agent header manually


PingAccess wasn't sending the browser.userAgent parameter to PingOne Protect because PingAccess doesn't currently support device profiling (which would normally collect this parameter). In the absence of device profiling, PingAccess now attempts to map this parameter manually and send it to PingOne Protect.

Redirect and templated authentication challenges now set PingAccess cookies


PingAccess now proactively sets web session cookies for Redirect and Templated authentication challenges when you select the Append Redirect Parameters check box on one of those two challenge generators. Adding web session cookies helps the frontend application to interpret redirect or templated challenge responses and begin the appropriate authentication procedure.

Improved vague error response message when PingOne Credential is blank or null


The response message PingAccess returns for errors generated when an administrator adds or updates a PingOne connection has been improved to specify that the credential must not be null, empty, or blank.

Adjusted agent token cache TTLs to reflect risk policy evaluation intervals


Corrected an issue with token cache time to lives (TTLs) on agent applications that use the PingOne Protect integration. The agent token cache TTLs no longer prioritize an application's web session Idle Timeout over the Risk Check Interval or Authentication Validity Period defined in the application's risk policy.

Fixed default removal of active session state cookies from requests


Corrected an issue where PingAccess would remove active session state cookies from requests by default. If a component relies on the session state cookie, its absence can cause unexpected behavior, so PingAccess now removes session state cookies conditionally.