New features, resolved issues, and known issues are listed and described here. For the best possible experience, review this information prior to using PingCentral.
|During the PingCentral upgrade process, the upgrade utility merges the new version of the application.properties file with the older version, preserving property values previously customized.
|You can upgrade to PingCentral version 1.4.0 directly from
either version 1.2.0 or 1.3.0. Files that were not modified
since they were initially installed are overwritten with new
versions during the upgrade process. Note the following:
|Administrators can add existing PingAccess applications to PingCentral. For more information, see Adding PingAccess applications.
|Application owners can promote PingAccess applications to other PingAccess environment tiers and apply environment configuration dependencies, such as web sessions, identity mapping, virtual hosts, sites, and agents.
|Administrators can add PingAccess environment instances to PingCentral. For more information, see Environment Management.
|Protected environment text on the Environments page no longer incorrectly refers to "production" if the protected environment is not a production environment.
|The Restore button is now hidden for applications promoted in version 1.2.0.
|Previously, if the combination of an application's Redirect URIs exceeded 255 characters, users could not add the application to PingCentral. This character limitation was removed for this release, which resolved the issue.
|If a PingFederate environment is added to PingCentral and becomes unavailable for any reason, the Applications page is no longer empty.
|Scope names cannot contain spaces, so users are now prevented from adding scopes with spaces in the name to their applications.
|When updating SAML applications, users can provide a new metadata file to replace an older version. If the new file contains a certificate, the correct certificate now displays.
|When promoting SAML applications with multiple authentication policy contracts that were directly imported into PingCentral, the first contract on the list is used, as intended, and promotion failures no longer occur.
|When creating templates or adding existing OAuth or OIDC applications to PingCentral and scopes are not restricted, the Scopes field correctly displays the following message: This application uses all common scopes provided by the target environment.
|When searching for a scope that does not exist, the Add button no longer incorrectly displays.
|Users can no longer add a partial scope name to theScopes field.
|When searching for or adding scopes, users will now receive an appropriate error message when they enter invalid characters.
|When updating a user's role, the Discard Changes button does not currently work.
|If SSO is configured for PingCentral and PingFederate is unavailable, PingCentral will fail to start. If this occurs, determine why PingFederate is unavailable, resolve the issue, and restart PingCentral.
|When SSO is enabled, custom session settings are modifiable, but are not honored.
|When SSO is enabled, an administrator is able to update and add users to PingCentral via the User Management page, even though it has no effect.
|When modifying an environment, if an identity provider certificate is added or updated, and then the PingFederate admin password is updated, the cursor will jump down to the IDP Certificate Password field each time a key is pressed.
|Administrators cannot update user information if PingCentral does not contain any environments.
|If PostgreSQL is set up without a database, PingCentral will fail to start. To prevent this from happening, add the database to the server prior to starting PingCentral.
|Users who attempt to create a SAML application without a signing key pair might receive a server error.
|If an OAuth application is added from an environment that does not use a client secret to authenticate, the Client Secret field displays, but is ignored. This display could cause confusion, as users can add and generate client secrets for their applications, but the secrets are not saved as expected.
|Users who enter invalid application names when updating their SAML applications do not receive an error message.
|If an administrator adds a PingFederate environment to
PingCentral that is missing a dependency, such as authentication
policy or access token management (ATM) information, they will
receive the following error message: Environment
<pf_environment> Resource not
To resolve this issue, either add the missing dependency to the environment in PingFederate, or remove the environment from PingCentral. Otherwise, PingCentral might become unusable.
|When adding SAML metadata files or URLs to applications in
the edit screen, you can inadvertently save applications without
any attribute mappings, including the SAML_SUBJECT attribute
that is required for promotion. If you attempt to promote those
applications, you will receive an error message informing you
that the SAML_SUBJECT attribute is missing from the attribute
To resolve this issue, access the edit screen for the application, assign the SAML_SUBJECT attribute a value, and attempt to promote the application again.
|If an SP certificate is added to a SAML application and a SAML metadata file is subsequently provided that contains a certificate, additional changes to the application cannot be saved. If this occurs, exit the edit screen and then access it again.
|If only one environment exists when you create a SAML application, and that environment is deleted, the Applications page will crash. If this occurs, add an environment directly to /pass/main/environments.
|PingCentral promotes access token mappings and APCs
(Authentication Policy Contracts) with OIDC applications, but
the APC mappings that link the APCs to the access token managers
are not currently promoted with them. If the APC mappings do not
already exist in the target PF environments, applications will
not function as expected.
When new APCs are promoted in PingCentral, access token mapping referencing the APC is created, but persistent grant mapping is not established so the configurations are invalid.
To resolve these issues, configure the APC mappings within PingFederate.
|The attribute scopes within an OIDC policy must already be defined within the target environment, or the policy cannot be promoted.
|If you promote a SAML application with an assertion
encryption certificate and then attempt to edit the application,
the Save and Discard
Changes buttons display on the edit screen
before you make any changes, which could be misleading.
Ignore this irregularity and click the Save button, or click the Discard Changes button to exit the edit screen.
|If applications and environments have long names, you might
not be able to see the entire list of available environments
when you attempt to promote applications.
To select an environment not immediately visible from the list, continue scrolling. The entire list will eventually display, but environment names toward the bottom of the list might appear distorted.
|When application owners use SSO to access PingCentral,
administrators cannot assign applications to them prior to the
application owners ever accessing PingCentral.
However, after they sign on to PingCentral, administrators can access their account information and assign applications to them.
|If the Promote button is clicked more than once when a SAML application is promoted, the application could be unintentionally promoted to an environment multiple times. To prevent this from happening, press the Enter key during the promotion process.
|When adding and updating SAML applications, users receive error messages if they provide a service provider metadata file that does not contain certificate information. If this occurs, ignore the message and continue to add or update the application.
|If you update SAML attributes while updating other application information, the attribute information will not be saved. To prevent this from happening, update the attributes and save your changes. Then you can update additional application information.
|If owner or promotion configuration information is updated for a PingAccess application, or a PingAccess application is promoted, the modified timestamp does not update as it should, which could be deceiving if the list of applications is sorted by modified date. However, if a PingAccess application name or description is updated, the modified timestamp behaves as expected.
|If you add an application to PingCentral from the Applications page, unmanaged applications might display that you cannot manage.
|When adding PingFederate and PingAccess environments, you might receive an inaccurate messages stating that you successfully connected to PingFederate when you opted to skip the verification. Likewise, you might not receive a message stating that you have successfully connected to PingAccess when you have. To determine the status of the environments, access the Environments page and review the status of the environments to determine which are connected.
|If you filter for PingAccess applications, add a PingAccess application by using the Add to PingCentral button, and return to the Applications page, the filter might appear to be on and you might not be able to view the details for another unmanaged PingAccess application. If this occurs, refresh your browser window.
|Users cannot promote a PingAccess application to an environment where an application with the same name is already present, but has a different destination type (agent or site). The promotion will fail and an error message displays stating that an ID for the existing destination type is required. If this occurs, administrators can manually update the destination within PingAccess to match the application defined in PingCentral.
|If PingCentral is installed as a service, installation files are stored in a local directory, such as /usr/local/pingcentral-1-1.3.0/. When using the command line to upgrade to version 1.4.0, ensure that the existing parameter points to the direct path of the previous installation, and not to the softlink path, which appears first. Selecting the softlink path results in the installation failing even though a success message displays.
|If PingCentral was installed as a Linux service by one user,
and the upgrade is performed by another, the service might no
longer start. To resolve this issue, run the following command
to update the installation files to match the existing
Where the user and group match the existing installation.For example:
chown -R pingcentral:pingcentral
|If a PingFederate application was created from a template in a PingFederate version higher than the version to which it is being promoted, the promotion will fail. For example, if the template was created from a PingFederate version 10.1 application, and you promote it to a PingFederate 9.2.3 environment, the promotion will fail.