New features, resolved issues, and new known issues are listed and described here. For the best possible experience, review this information prior to using PingCentral.
|Access token mapping information is now stored when applications are added to PingCentral and transferred into the target PingFederate instances when applications are promoted.
|Application owners can now revert applications to previously promoted versions. The reverted version of the application will not exist outside of PingCentral until it is promoted again, at which point it will also be available in PingFederate.
|PingCentral now supports the PostgreSQL open source relational database system.
|When using SAML templates, application owners can now provide an .xml file that could contain an Entity ID, ACS URL, certificates, attribute information, or all of this information, from a similar SAML application. Or, they can continue providing the Entity ID, ACS URL and certificates during the promotion process.
|After a SAML application has been promoted to an environment, the connection metadata is exported and stored as part of that application. This metadata is now available to download as an .xml file, which you can use to promote other SAML applications.
|You can now use Docker to deploy PingCentral. Preconfigured Docker images are available in Docker containers, which provide complete working instances of applications that are immediately available to use after they are deployed.
|PingCentral now promotes the first Authentication Policy Contract (APC) configured for service provider connections. In prior releases, the APC, with the same ID, was expected to already exist in the target environment for the connection promotion to succeed.
|Application owners can now encrypt a SAML assertion if encryption is enabled for the connection.
|Application owners can now customize the scopes they apply to their OAuth and OIDC applications.
|Protected environment text on the Environments page no longer incorrectly refers to "production" if the protected environment is not a production environment.
|Unverified environments no longer display when templates and applications are added to PingCentral, and when applications are promoted.
|Using special characters when searching on the Environments, Templates, and Users pages no longer results in a server error.
|The sorting feature is no longer case sensitive for applications managed within PingCentral.
|When updating SAML applications, PingCentral now correctly indicates whether certificates are optional.
|Administrators who have been deleted or demoted to an Application Owner role can no longer perform administrative tasks during an open session.
|After creating an environment, the user wizard can now be accessed without errors.
|When adding environments, users who select the Skip Verification option and enter passwords with more than 32 characters no longer receive data integrity violation errors.
|When updating a user's role, the Discard Changes button does not currently work.
|If SSO is configured for PingCentral and PingFederate is unavailable, PingCentral will fail to start. If this occurs, determine why PingFederate is unavailable, resolve the issue, and restart PingCentral.
|When SSO is enabled, custom session settings are modifiable, but are not honored.
|When SSO is enabled, an administrator is able to update and add users to PingCentral via the User Management page, even though it has no effect.
|When modifying an environment, if an identity provider certificate is added or updated, and then the PingFederate admin password is updated, the cursor will jump down to the IDP Certificate Password field each time a key is pressed.
|Administrators cannot update user information if PingCentral does not contain any environments.
|If PostgreSQL is set up without a database, PingCentral will fail to start. To prevent this from happening, add the database to the server prior to starting PingCentral.
|Users who attempt to create a SAML application without a signing key pair might receive a server error.
|If an OAuth application is added from an environment that does not use a client secret to authenticate, the Client Secret field displays, but is ignored. This display could cause confusion, as users can add and generate client secrets for their applications, but the secrets are not saved as expected.
|Users who enter invalid application names when updating their SAML applications do not receive an error message.
|If an administrator adds a PingFederate environment to PingCentral that is missing a
dependency, such as authentication policy or access token
management (ATM) information, they will receive the following
error message: Environment
<pf_environment> Resource not
To resolve this issue, either add the missing dependency to the environment in PingFederate, or remove the environment from PingCentral. Otherwise, PingCentral might become unusable.
|When adding SAML metadata files or URLs to applications in
the edit screen, you can inadvertently save applications without
any attribute mappings, including the SAML_SUBJECT attribute
that is required for promotion. If you attempt to promote those
applications, you will receive an error message informing you
that the SAML_SUBJECT attribute is missing from the attribute
To resolve this issue, access the edit screen for the application, assign the SAML_SUBJECT attribute a value, and attempt to promote the application again.
|If an SP certificate is added to a SAML application and a SAML metadata file is subsequently provided that contains a certificate, additional changes to the application cannot be saved. If this occurs, exit the edit screen and then access it again.
|The Restore button incorrectly displays for applcations promoted in version 1.2.0, as these applications cannot be restored to previous versions.
|If the combination of an application's Redirect URIs exceeds 255 characters, users cannot add the application to PingCentral.
|PingCentral now promotes access token mappings and APCs
(Authentication Policy Contracts) with OIDC applications, but
the APC mappings that link the APCs to the access token managers
are not currently promoted with them. If the APC mappings do not
already exist in the target PF environments, applications will
not function as expected.
When new APCs are promoted in PingCentral, access token mapping referencing the APC is created, but persistent grant mapping is not established so the configurations are invalid.
To resolve these issues, configure the APC mappings within PingFederate.
|The attribute scopes within an OIDC policy must already be defined within the target environment, or the policy cannot be promoted.
|If you promote a SAML application with an assertion
encryption certificate and then attempt to edit the application,
the Save and Discard
Changes buttons display on the edit screen
before you make any changes, which could be misleading.
Ignore this irregularity and click the Save button, or click the Discard Changes button to exit the edit screen.
|If applications and environments have long names, you might
not be able to see the entire list of available environments
when you attempt to promote applications.
To select an environment not immediately visible from the list, continue scrolling. The entire list will eventually display, but environment names toward the bottom of the list might appear distorted.
|When application owners use SSO to access PingCentral,
administrators cannot assign applications to them prior to the
application owners ever accessing PingCentral.
However, after they sign on to PingCentral, administrators can access their account information and assign applications to them.
|If the Promote button is clicked more
than once when a SAML application is promoted, the application
could be unintentially promoted to an environment multiple
To prevent this from happening, press the Enter key during the promotion process.
|If a PingFederate environment is added to PingCentral and
becomes unavailable for any reason, no applications will display
on the Applications page.
To resolve this issue, an administrator can remove the environment from PingCentral, set PingCentral to skip verification on the environment, or resolve the issues making the environment unavailable.
|When adding and updating SAML applications, users receive error messages if they provide a service provider metadata file that does not contain certificate information. If this occurs, ignore the message and continue to add or update the application.
|The names of scopes added to applications cannot contain spaces, nor can the Scopes field contain spaces before or after the scope name. If spaces exist, applications cannot be successfully promoted.
|When updating SAML applications, users can provide a new
metadata file to replace an older version. If the new file does
not contain a certificate, the certificate associated with the
older version might still display.
If this occurs, click Cancel and select the .xml file again. The page will reflect the absence of a certificate after it is refreshed.
|When promoting SAML applications with multiple authentication policy contracts that were directly imported into PingCentral, the first contract on the list should be used. However, all contracts in the list are currently being used, which results in promotions failing if the destination environments do not contain authentication policy contracts with matching IDs.
|When creating templates or adding existing OAuth or OIDC applications to PingCentral, information regarding the client displays. When scopes are not restricted, the Scopes field displays None, when it should display the following message: This application uses all common scopes provided by the target environment.
|When searching for a scope that does not exist, the Add button incorrectly displays.
|Users can currently add partial scope names to the Scopes field.
|When searching for or adding scopes, users who enter invalid characters receive invalid scope error message instead of a message that describes the issue.