PingAuthorize 9.3 (June 2023) - PingAuthorize - 9.3

PingAuthorize 9.3


Exercise fine-grained control over changes using self-governance

New
Build self-governance policies to manage access to your Policy Editor entities and operations. This allows you to protect against unauthorized or accidental application policy changes. For more information, see Self-governance.

Simpler OAuth token handling for PIPs using HTTP services

New

To reduce configuration complexity and time to production when connecting to HTTP services that require OAuth authentication, configure the Client Credentials flow to handle tokens directly from a token endpoint. For more information, see HTTP services.

Copy entities for faster configuration

New
To build your authorization logic more quickly and accurately, you can make editable copies of many of your Policy Editor entities, including items in the Trust Framework, Policy Manager, and Library. For more information, see Copying entities.

New authorization comparators for IP subnet ranges

New
With the new In CIDR Block and Not In CIDR Block comparators, you can check whether a user’s IP address is in, or not in, a defined subnet range. These comparators make it easier to add network information checks to your zero trust policies. IPv4 and IPv6 addresses are supported. For more information, see Conditions.

Added a property that lets you control servlet information

New
We added the include-servlet-information-in-error-pages configuration property, which controls whether servlet information is printed on HTTP error pages. By default, servlet information remains hidden.

Apache Camel services have been removed

Info
To enhance overall security for PingAuthorize, Camel services have been removed from the default configuration. If your policies depend upon Camel, see Apache Camel availability for more information.

Validate token signatures and claims in policy

Improved
You can now validate JWT signatures and claims in the authorization layer, adding defense in depth and allowing you to build policy and rule logic around genuine tokens. This also enhances support for PDP API use cases. For more information, see Conditions.

Better control over statements in decision outcomes

Improved
You now have more control over whether statements are included in decision outcomes and the way statements propagate through decision evaluations. This makes it easier to provide information in decision responses, such as reasons for both permit and deny decisions and risk evaluation feedback. For more information, see Statements.

Add parent resolvers to attributes more quickly

Improved
To reduce the number of clicks needed to add a parent resolver to a Trust Framework attribute, we added the + Add Parent Resolver button.

Better targeting for regex-replace-attributes

Improved
We added the ability to target individual attributes using the regex-replace-attributes statement for a more precise modification of the payload. For more information, see Regex Replace Attributes.

Clarified WARN logs by migrating slow methods

Improved
We made WARN logging easier to interpret by changing the logging level for slow methods from WARN to DEBUG.

More resilient audit logging in the

Improved
We updated the default configuration for the decision-audit log to make audit logging more resilient.

Timeouts improved for replication enable and remove defunct server operations

Improved
We improved various timeouts for the replication enable and remove defunct server operations so that they scale with the size of the topology. Smaller topologies should not be impacted by these changes.

Improved how a backup of the config backend is handled

Improved
If a file is deleted from the config/archived-configs directory during a backup of the config backend, the deleted file is now ignored instead of causing the backup to fail.

Added a missing field value in audit logging

Fixed PAZ-7026
We fixed an audit logging issue where ADMIN_POINT_AUDIT was not logging the operation field.

Fixed the Add Statement list display

Fixed PAZ-801
We fixed a display issue where the Add Statement drop-down list was running off of the page and couldn't be fully accessed.

Corrected the linking behavior for Identity Properties

Fixed PAZ-4247
We fixed an issue where clicking the linked Identity Properties in Identity Classes or Identity Providers didn’t open the Identity Properties editor.

Fixed a NullPointerException for URIs without hosts

Fixed PAZ-7826
We fixed an issue where JSON response bodies containing URIs without hosts would produce a NullPointerException when PingAuthorize was configured in gateway mode.