New features

Ticket ID Description
PASS-933 Access token mapping information is now stored when applications are added to PingCentral and transferred into the target PingFederate instances when applications are promoted.
PASS-1528 PingCentral now supports the PostgreSQL open source relational database system.
PASS-1128 Application owners can now revert applications to previously promoted versions. The reverted version of the application will not exist outside of PingCentral until it is promoted again, at which point it will also be available in PingFederate.
PASS-2015 When using SAML templates, application owners can now provide an .xml file that could contain an Entity ID, ACS URL, certificates, attribute information, or all of this information, from a similar SAML application. Or, they can continue providing the Entity ID, ACS URL and certificates during the promotion process.
PASS-2202 After a SAML application has been promoted to an environment, the connection metadata is exported and stored as part of that application. This metadata is now available to download as an .xml file, which you can use to promote other SAML applications.
PASS-2414 You can now use Docker to deploy PingCentral. Preconfigured Docker images are available in Docker containers, which provide complete working instances of applications that are immediately available to use after they are deployed.
PASS-2839 PingCentral now promotes the first Authentication Policy Contract (APC) configured for service provider connections. In prior releases, the APC, with the same ID, was expected to already exist in the target environment for the connection promotion to succeed.
PASS-3177 Application owners can now encrypt a SAML assertion if encryption is enabled for the connection.
PASS-3262 Application owners can now customize the scopes they apply to their OAuth and OIDC applications.

Resolved issues

Ticket ID Description
PASS-2119 Protected environment text on the Environments page no longer incorrectly refers to "production" if the protected environment is not a production environment.
PASS-2740 Unverified environments no longer display when templates and applications are added to PingCentral, and when applications are promoted.
PASS-2766 Using special characters when searching on the Environments, Templates, and Users pages no longer results in a server error.
PASS-2783 The sorting feature is no longer case sensitive for applications managed within PingCentral.
PASS-2872 When updating SAML applications, PingCentral now correctly indicates whether certificates are optional.
PASS-2879 Administrators who have been deleted or demoted to an Application Owner role can no longer perform administrative tasks during an open session.
PASS-2888 After creating an environment, the user wizard can now be accessed without errors.
PASS-2925 When adding environments, users who select the Skip Verification option and enter passwords with more than 32 characters no longer receive data integrity violation errors.

Known issues

Ticket ID Description
PASS-1552 When updating a user's role, the Discard Changes button does not currently work.
PASS-1998 When an OAuth/OIDC application is promoted from PingCentral to PingFederate, the secret is captured and saved. If this application is removed from PingCentral and a new application is created with the same name, promotions to PingFederate will use the client secret provided for the original application instead of the new secret that was provided in the new application. There is currently no way to retrieve the secret that was provided for the original promotion.
PASS-2090 If SSO is configured for PingCentral and PingFederate is unavailable, PingCentral will fail to start. If this occurs, determine why PingFederate is unavailable, resolve the issue, and restart PingCentral.
PASS-2093 When SSO is enabled, custom session settings are modifiable, but are not honored.
PASS-2097 When SSO is enabled, an administrator is able to update and add users to PingCentral via the User Management page, even though it has no effect.
PASS-2122 When modifying an environment, if an identity provider certificate is added or updated, and then the PingFederate admin password is updated, the cursor will jump down to the IDP Certificate Password field each time a key is pressed.
PASS-2468 Administrators cannot update information for users not associated with a PingCentral environment, template, or application.
PASS-2526 If PostgreSQL is set up without a database, PingCentral will fail to start. To prevent this from happening, add the database to the server prior to starting PingCentral.
PASS-2528 Users who attempt to create a SAML application without a signing key pair might receive a server error.
PASS-2819 If an OAuth application is added from an environment that does not use a client secret to authenticate, the Client Secret field displays, but is ignored. This display could cause confusion, as users can add and generate client secrets for their applications, but the secrets are not saved as expected.
PASS-2824 Users who enter invalid application names when updating their SAML applications do not receive an error message.
PASS-3259 If an administrator adds a PingFederate environment to PingCentral that is missing a dependency, such as authentication policy or access token management (ATM) information, they will receive the following error message: Environment <pf_environment> Resource not found <missing_dependency>

To resolve this issue, either add the missing dependency to the environment in PingFederate, or remove the environment from PingCentral. Otherwise, PingCentral might become unusable.

PASS-3476 When adding SAML metadata files or URLs to applications in the edit screen, you can inadvertently save applications without any attribute mappings, including the SAML_SUBJECT attribute that is required for promotion. If you attempt to promote those applications, you will receive an error message informing you that the SAML_SUBJECT attribute is missing from the attribute contract fulfillment.

To resolve this issue, access the edit screen for the application, assign the SAML_SUBJECT attribute a value, and attempt to promote the application again.

PASS-3543 If an SP certificate is added to a SAML application and a SAML metadata file is subsequently provided that contains a certificate, additional changes to the application cannot be saved. If this occurs, exit the edit screen and then access it again.
PASS-3556 The Restore button incorrectly displays for applcations promoted in version 1.2.0, as these applications cannot be restored to previous versions.
PASS-3586 If the combination of an application's Redirect URIs exceeds 255 characters, users cannot add the application to PingCentral.
PASS-3613 PingCentral now promotes access token mappings and APCs (Authentication Policy Contracts) with OIDC applications, but the APC mappings that link the APCs to the access token managers are not currently promoted with them. If the APC mappings do not already exist in the target PF environments, applications will not function as expected.

When new APCs are promoted in PingCentral, access token mapping referencing the APC is created, but persistent grant mapping is not established so the configurations are invalid.

To resolve these issues, configure the APC mappings within PingFederate.

PASS-3615 The attribute scopes within an OIDC policy must already be defined within the target environment, or the policy cannot be promoted.
PASS-3617 If you promote a SAML application with an assertion encryption certificate and then attempt to edit the application, the Save and Discard Changes buttons display on the edit screen before you make any changes, which could be misleading.

Ignore this irregularity and click the Save button, or click the Discard Changes button to exit the edit screen.

PASS-3618 If applications and environments have long names, you might not be able to see the entire list of available environments when you attempt to promote applications.

To select an environment not immediately visible from the list, continue scrolling. The entire list will eventually display, but environment names toward the bottom of the list might appear distorted.

PASS-3634 When application owners use SSO to access PingCentral, administrators cannot assign applications to them prior to the application owners ever accessing PingCentral.

However, after they sign on to PingCentral, administrators can access their account information and assign applications to them.

PASS-3642 OAuth and OIDC applications created from templates in PingCentral version 1.0.1 used the application name as the Client ID during promotion. Starting with PingCentral version 1.2.0, the application ID is used as the Client ID.

So, if an OAuth or OIDC application is created from a PingCentral version 1.0.1 template and promoted, a new client ID will be created for the application and the old client ID will no longer be used.

PASS-3643 If the Promote button is clicked more than once when a SAML application is promoted, the application could be unintentially promoted to an environment multiple times.

To prevent this from happening, press the Enter key during the promotion process.

PASS-3644 If a PingFederate environment is added to PingCentral and becomes unavailable for any reason, no applications will display on the Applications page.

To resolve this issue, an administrator can remove the environment from PingCentral, set PingCentral to skip verification on the environment, or resolve the issues making the environment unavailable.

PASS-3645 When adding and updating SAML applications, users receive error messages if they provide a service provider metadata file that does not contain certificate information. If this occurs, ignore the message and continue to add or update the application.
PASS-3646 The names of scopes added to applications cannot contain spaces, nor can the Scopes field contain spaces before or after the scope name. If spaces exist, applications cannot be successfully promoted.
PASS-3648 When updating SAML applications, users can provide a new metadata file to replace an older version. If the new file does not contain a certificate, the certificate associated with the older version might still display.

If this occurs, click Cancel and select the .xml file again. The page will reflect the absence of a certificate after it is refreshed.

PASS-3659 When promoting SAML applications with multiple authentication policy contracts that were directly imported into PingCentral, the first contract on the list should be used. However, all contracts in the list are currently being used, which results in promotions failing if the destination environments do not contain authentication policy contracts with matching IDs.
PASS-3663 When creating templates or adding existing OAuth or OIDC applications to PingCentral, information regarding the client displays. When scopes are not restricted, the Scopes field displays None, when it should display the following message: This application uses all common scopes provided by the target environment.
PASS-3714 When searching for a scope that does not exist, the Add button incorrectly displays.
PASS-3809 Users can currently add partial scope names to the Scopes field.
PASS-3825 When searching for or adding scopes, users who enter invalid characters receive invalid scope error message instead of a message that describes the issue.