For the best possible experience, review these notes before using PingCentral 1.11.
Updated client secret generation to produce client secrets compatible with PingFederate
When creating a new client, PingCentral now generates OAuth client secrets compatible with PingFederate. For more information, see Promoting OAuth and OIDC applications.
Multiple ACS URLs
You can now configure multiple Assertion Consumer Service (ACS) URLs during SAML application creation. This new feature simplifies application development since the same application can use different URLs simultaneously. For more information, see Using SAML 2.0 templates.
Set application name
When promoting an application between environments, you can now configure an application name for OAuth and OpenID Connect (OIDC) clients, SAML connections, and PingAccess applications. For more information, see Promoting applications.
Deleting an application in PingCentral also deletes it in other environments
You can now choose to delete applications from PingFederate or PingAccess in addition to PingCentral. This feature is flexible because you can select which environments to delete the application from. For more information, see Managing applications.
Configure OAuth credentials for use instead of username and password to connect to PingFederate or PingAccess
Instead of using administrator credentials for
basic authentication, you can now configure
PingCentral
to use OAuth client credentials to connect to
PingFederate or
PingAccess.
PingCentral
will request an access_token
to
use whenever it connects to PingFederate or PingAccess. For more
information, see Configuring PingFederate and PingAccess for SSO.
Upgraded from v1 H2 database to v2
Along with other dependencies (libraries), we've upgraded the H2 database from v1 to v2. For more information, see Upgrading PingCentral.
Configure APC mappings for OIDC applications in PingFederate
PingCentral promotes access token mappings and authentication policy contracts (APCs) with OIDC applications, but the APC mappings that link the APCs to the access token managers are not currently promoted with them. If the APC mappings do not already exist in the target PingFederate environments, applications do not function as expected.
When new APCs are promoted in PingCentral, access token mapping referencing the APC is created, but persistent grant mapping is not established, so the configurations are invalid.
To resolve these issues, configure the APC mappings within PingFederate.
Promoting applications with authentication challenge policies
Customized authentication challenge responses, which support single-page applications, are available in PingAccess 6.2 or later. Applications with this type of policy can be added to PingCentral but cannot be promoted to another environment unless the authentication challenge policy, with the same UUID, also exists in the target environment.
SP certificates and assertion encryption certificates must be different
Environment'staging': PingFederate. This certificate either has the same ID or the same content as the certificate with index 0.
To continue the promotion, ensure that the SP certificate and the assertion encryption certificate are different.
Update truststore path if PingCentral fails to start
After upgrading to 1.8, 1.9, 1.10, or 1.11,
PingCentral
fails to start if
${pingcentral.home}
is used in
the trust store path. To prevent this from
happening, change the home path to be the absolute
trust store path and delete the
Certificates table in the
database.