New features

Ticket ID Description

PASS-2840

PingCentral APIs are fully supported and documented.

PASS-4708

Spring Boot Actuator and Spring Metrics are available in PingCentral and are enabled by default. These powerful tools collect a wide variety of information that help you monitor and manage PingCentral in production environments and can be connected to your time series database in a few simple steps.

Resolved issues

Ticket ID Description

PASS-2468

Previously, administrators could not update user information if PingCentral did not contain any environments. This issue has been resolved.

PASS-2819

If an OAuth application is added from an environment that does not use a client secret to authenticate, the Client Secret field is no longer displayed during the promotion process.

PASS-3617

If you promote a SAML application with an assertion encryption certificate and then attempt to edit the application, the Save and Discard Changes buttons no longer display before changes are made.

PASS-3643

If the Promote button is clicked more than once when a SAML application is promoted to an environment, the application can no longer be unintentionally promoted multiple times.

PASS-3645

Previously, when adding or updating SAML applications, you might have received an error message if you provided a service provider metadata file that did not contain certificate information. This issue has been resolved and the error message no longer displays.

PASS-4174

Previously, if owner or promotion configuration information was updated for a PingAccess application, or a PingAccess application was promoted, the modified timestamp did not update. This issue has been resolved and the modified timestamp behaves as expected.

PASS-4300

The command line upgrade script supports softlinks as a reference to the existing installation directory. Previously, the upgrade would produce a false success message if a softlink was used.

PASS-4304

Previously, if an administrator changed an environment short code to a code that already existed, only one environment status icon displayed, which might have been misleading. Now, every environment displays a status icon, even if it has the same short code as another environment.

PASS-4305

Previously, if PingCentral was installed as a Linux service by one user, and the upgrade was performed by another, the service might no longer start. This issue has been resolved.

PASS-4376

When you started PingCentral 1.5, you might have received a reflective access warning message that we asked you to ignore. This version of PingCentral starts without displaying that warning.

PASS-4460

Previously, if a password was entered for a PKCS12 (P12) file when updating the TLS key pair, a misleading error message displayed. This message has been updated and reminds you to ensure that the Key Password field contains a valid password if one is required.

PASS-4579

When editing PingAccess applications and making changes to the context root, pressing the Enter key saves the changes made.

PASS-4583

Previously, if you changed a template associated with a PingAccess application and clicked Cancel, the newly selected template remained on the edit page. Now, the original template displays when you click Cancel.

PASS-4615

If unsupported PingCentral APIs are used to update a PingAccess application and the JSON is invalid, an error message displays. Previously, if the JSON was invalid, the Application page became unresponsive.

PASS-4619

Previously, if an assertion encryption certificate was added to an application or used to promote it, the certificate did not display when the application was promoted again or when subsequent updates were made. This issue was resolved and the certificate displays as it should.

PASS-4660

If you enter a context root that begins with the reserved context root in PingAccess (typically /pa), you receive a message that explains the issue, rather than receiving a generic Save Failederror message.

PASS-4668

Previously, if a template was created from a PingAccess application and that application was deleted from PingAccess, you could not use that template to add applications to PingCentral. This issue was resolved and you can use all PingAccess templates to add applications to PingCentral, regardless of whether the applications on which they were based still exist.

PASS-4685

Previously, if administrators attempted to add a PingAccess application to PingCentral while PingAccess was unavailable and they clicked the Refresh Now link, the Application page might not display any applications. This issue has been resolved and you can manage PingAccess applications in PingCentral even if PingAccess is unavailable.

PASS-4688

Previously, if you were using a Postgres database with PingCentral and you attempted to sort applications by name when filters were applied, you might have received a server error message. This issue was resolved and sorting works as it should when filters are applied.

PASS-4805

PingCentral generated self-signed TLS server certificates comply with MacOS Catalina requirements.

Known issues

Ticket ID Description

PASS-2093

When single sign-on (SSO) is enabled, custom session settings are modifiable, but are not honored.

PASS-2097

When SSO is enabled, administrators can add and update users in PingCentral through the User Management page, even though it has no effect.

PASS-2122

When modifying an environment, if an identity provider certificate is added or updated, and then the PingFederate admin password is updated, the cursor jumps down to the IDP Certificate Password field each time a key is pressed.

PASS-2526

If PostgreSQL is set up without a database, PingCentral fails to start. To prevent this from happening, add the database to the server before starting PingCentral.

PASS-2824

If you enter an invalid application name when updating a SAML application, you do not receive an error message.

PASS-3543

If a certificate is added to a SAML application and a SAML metadata file is subsequently provided that contains a certificate, additional changes to the application cannot be saved. If this occurs, exit the edit page and then access it again.

PASS-3613

PingCentral promotes access token mappings and APCs (Authentication Policy Contracts) with OIDC applications, but the APC mappings that link the APCs to the access token managers are not currently promoted with them. If the APC mappings do not already exist in the target PF environments, applications do not function as expected.

When new APCs are promoted in PingCentral, access token mapping referencing the APC is created, but persistent grant mapping is not established so the configurations are invalid.

To resolve these issues, configure the APC mappings within PingFederate.

PASS-3634

When application owners use SSO to access PingCentral, administrators cannot assign applications to them prior to the application owners ever accessing PingCentral.

However, after they sign on to PingCentral, administrators can access their account information and assign applications to them.

PASS-3830

If you update SAML attributes while updating other application information, the attribute information is not saved. To prevent this from happening, update the attributes and save your changes. Then, you can update additional application information.

PASS-4249

If you add an application to PingCentral from the Applications page, unmanaged applications might display that you cannot manage.

PASS-4280

If you filter for PingAccess applications, add a PingAccess application by using the Add to PingCentral button, and return to the Applications page, the filter might appear to be on and you might not be able to view the details for another unmanaged PingAccess application. If this occurs, refresh your browser window.

PASS-4633

When using templates to add Web + API applications to PingCentral, you can drag rules between Web and API policies, which might cause the page to go blank. If this occurs, refresh the browser window.

PASS-4807

Virtual resources are available in PingAccess 6.2, but are not yet available in PingCentral.

PASS-4893

When an environment is deleted, applications that were promoted to that environment retain the promotion details from the deleted environment. PingCentral does not remove this information from applications when an environment is no longer available.

PASS-4948

Customized authentication challenge responses, which support single-page applications, are also available in PingAccess 6.2+. Applications with this type of policy can be added to PingCentral, but cannot be promoted to another environment unless the authentication challenge policy, with the same UUID, also exists in the target environment.

PASS-4956

When using PingCentral 1.6, you might occasionally receive a reflective access warning message. You can safely ignore this message.

PASS-4994

If administrators add users through the API and the password and confirmpassword fields are unavailable, the users are created with PingCentral's default administrator password, 2Federate. If the users are not able to sign on using this password, administrators can modify the password through the PingCentral Users page or through the API.

PASS-5001

When creating, updating, or validating an environment through the API, you receive a server error message if the environment Name or Password fields are null or missing. API requests cannot be processed without this information, so ensure that these fields contain valid values.

PASS-5002

When creating or validating an environment through the API, you receive a misleading error message if the PingAccess Password field is null. Rather than informing you that the information in this field is invalid, it informs you that you are unable to connect to the PingFederate admin console, which is misleading. Requests to connect PingAccess to a PingCentral environment cannot be processed without this information, so ensure that this field contains a valid value.

PASS-5004

When creating or updating an OAuth application through the API, you receive a server error message if:

  • The redirectUris attribute contains an environment ID, but the array of associated URIs is null or missing.
  • The Type attribute is null or missing.
  • The client JSON is null or missing.

API requests cannot be processed without this information, so ensure that it is accurate.

PASS-5009

If you attempt to add a SAML application to PingCentral from an existing application through the API, and the connection JSON contains identity attribute names and placeholders, you receive an error message advising you to nullify the Names field. However, even if you nullify this field you still receive an error message because the JSON contains placeholders. Remove these placeholders before you proceed.