New features

Ticket ID Description


PingCentral APIs are fully supported and documented.


Spring Boot Actuator and Spring Metrics are available in PingCentral and are enabled by default. These powerful tools collect a wide variety of information that helps you monitor and manage PingCentral in production environments and can be connected to your time series database in a few simple steps.

Resolved issues

Ticket ID Description


Previously, administrators could not update user information if PingCentral did not contain any environments. This issue has been resolved.


If an OAuth application is added from an environment that does not use a client secret to authenticate, the Client Secret field is no longer displayed during the promotion process.


If you promote a SAML application with an assertion encryption certificate and then attempt to edit the application, the Save and Discard Changes buttons no longer display before changes are made.


If the Promote button is clicked more than once when a SAML application is promoted to an environment, the application can no longer be unintentionally promoted multiple times.


Previously, when adding or updating SAML applications, you might have received an error message if you provided a service provider metadata file that did not contain certificate information. This issue has been resolved and the error message no longer displays.


Previously, if owner or promotion configuration information was updated for a PingAccess application, or a PingAccess application was promoted, the modified timestamp did not update. This issue has been resolved and the modified timestamp behaves as expected.


The command line upgrade script supports softlinks as a reference to the existing installation directory. Previously, the upgrade would produce a false success message if a softlink was used.


Previously, if an administrator changed an environment short code to a code that already existed, only one environment status icon displayed, which might have been misleading. Now, every environment displays a status icon, even if it has the same short code as another environment.


Previously, if PingCentral was installed as a Linux service by one user, and the upgrade was performed by another, the service might no longer start. This issue has been resolved.


When you started PingCentral 1.5, you might have received a reflective access warning message that we asked you to ignore. This version of PingCentral starts without displaying that warning.


Previously, if a password was entered for a PKCS12 (P12) file when updating the TLS key pair, a misleading error message displayed. This message has been updated and reminds you to ensure that the Key Password field contains a valid password if one is required.


When editing PingAccess applications and making changes to the context root, pressing the Enter key saves the changes made.


Previously, if you changed a template associated with a PingAccess application and clicked Cancel, the newly selected template remained on the edit page. Now, the original template displays when you click Cancel.


If unsupported PingCentral APIs are used to update a PingAccess application and the JSON is invalid, an error message displays. Previously, if the JSON was invalid, the Application page became unresponsive.


Previously, if an assertion encryption certificate was added to an application or used to promote it, the certificate did not display when the application was promoted again or when subsequent updates were made. This issue was resolved and the certificate displays as it should.


If you enter a context root that begins with the reserved context root in PingAccess (typically /pa), you receive a message that explains the issue, rather than receiving a generic Save Failed error message.


Previously, if a template was created from a PingAccess application and that application was deleted from PingAccess, you could not use that template to add applications to PingCentral. This issue was resolved and you can use all PingAccess templates to add applications to PingCentral, regardless of whether the applications on which they were based still exist.


Previously, if administrators attempted to add a PingAccess application to PingCentral while PingAccess was unavailable and they clicked the Refresh Now link, the Application page might not display any applications. This issue has been resolved and you can manage PingAccess applications in PingCentral even if PingAccess is unavailable.


Previously, if you were using a Postgres database with PingCentral and you attempted to sort applications by name when filters were applied, you might have received a server error message. This issue was resolved and sorting works as it should when filters are applied.


PingCentral-generated self-signed TLS server certificates comply with macOS Catalina requirements.

Known issues

Ticket ID Description


When single sign-on (SSO) is enabled, custom session settings are modifiable, but are not honored.


When SSO is enabled, administrators can add and update users in PingCentral through the User Management page, even though it has no effect.


When modifying an environment, if an identity provider certificate is added or updated, and then the PingFederate admin password is updated, the cursor jumps down to the IDP Certificate Password field each time a key is pressed.


If PostgreSQL is set up without a database, PingCentral fails to start. To prevent this from happening, add the database to the server before starting PingCentral.


If you enter an invalid application name when updating a SAML application, you do not receive an error message.


If a certificate is added to a SAML application and a SAML metadata file is subsequently provided that contains a certificate, additional changes to the application cannot be saved. If this occurs, exit the edit page and then access it again.


PingCentral promotes access token mappings and APCs (Authentication Policy Contracts) with OIDC applications, but the APC mappings that link the APCs to the access token managers are not currently promoted with them. If the APC mappings do not already exist in the target PingFederate environments, applications do not function as expected.

When new APCs are promoted in PingCentral, an access token mapping referencing the APC is created, but a persistent grant mapping is not established, so the configurations are invalid.

To resolve these issues, configure the APC mappings within PingFederate.


When application owners use SSO to access PingCentral, administrators cannot assign applications to them prior to the application owners ever accessing PingCentral.

However, after they sign on to PingCentral, administrators can access their account information and assign applications to them.


If you update SAML attributes while updating other application information, the attribute information is not saved. To prevent this from happening, update the attributes and save your changes. Then, you can update additional application information.


If you add an application to PingCentral from the Applications page, unmanaged applications that you cannot manage might display.


If you filter for PingAccess applications, add a PingAccess application by using the Add to PingCentral button, and return to the Applications page, the filter might appear to be on and you might not be able to view the details for another unmanaged PingAccess application. If this occurs, refresh your browser window.


When using templates to add Web + API applications to PingCentral, you can drag rules between Web and API policies, which might cause the page to go blank. If this occurs, refresh the browser window.


Virtual resources are available in PingAccess 6.2, but are not yet available in PingCentral.


When an environment is deleted, applications that were promoted to that environment retain the promotion details from the deleted environment. PingCentral does not remove this information from applications when an environment is no longer available.


Customized authentication challenge responses, which support single-page applications, are also available in PingAccess 6.2 and higher. Applications with this type of policy can be added to PingCentral, but cannot be promoted to another environment unless the authentication challenge policy, with the same UUID, also exists in the target environment.


When using PingCentral 1.6, you might occasionally receive a reflective access warning message. You can safely ignore this message.


If administrators add users through the API and the password and confirmpassword fields are unavailable, the users are created with the PingCentral default administrator password, 2Federate. If the users are not able to sign on using this password, administrators can modify the password through the PingCentral Users page or through the API.


When creating, updating, or validating an environment through the API, you receive a server error message if the environment Name or Password fields are null or missing. API requests cannot be processed without this information, so ensure that these fields contain valid values.


When creating or validating an environment through the API, you receive a misleading error message if the PingAccess Password field is null. Rather than informing you that the information in this field is invalid, the message informs you that you are unable to connect to the PingFederate admin console. Requests to connect PingAccess to a PingCentral environment cannot be processed without this information, so ensure that this field contains a valid value.


When creating or updating an OAuth application through the API, you receive a server error message if:

  • The redirectUris attribute contains an environment ID, but the array of associated URIs is null or missing.
  • The Type attribute is null or missing.
  • The client JSON is null or missing.

API requests cannot be processed without this information, so ensure that it is accurate.
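
A pre-flight check for the API known issues above (users silently created with the default password, null environment fields, incomplete OAuth application bodies), run on a request body before it is sent. This is an added example, not part of PingCentral or its documentation; key names other than password, confirmpassword and redirectUris are assumptions, and the sample bodies are constructed.

```python
"""Pre-flight lint for PingCentral API request bodies (added example)."""
# Assumed key names: "name", "type", "client" and the environment "password".
# "password", "confirmpassword" and "redirectUris" are named in the release notes.

def _missing(body, key):
    """True when the key is absent, null, or an empty string."""
    return not isinstance(body, dict) or body.get(key) in (None, "")

def lint_user(body):
    """User creation: without both fields the user gets the default password."""
    return [f"user: '{k}' missing; user would get the default password"
            for k in ("password", "confirmpassword") if _missing(body, k)]

def lint_environment(body):
    """Environment create/update/validate: a null name or password is a server error."""
    return [f"environment: '{k}' is null or missing"
            for k in ("name", "password") if _missing(body, k)]

def lint_oauth_app(body):
    """OAuth application create/update: the three server-error cases."""
    problems = []
    if _missing(body, "type"):
        problems.append("oauth: 'type' is null or missing")
    if _missing(body, "client"):
        problems.append("oauth: client JSON is null or missing")
    uris = body.get("redirectUris") if isinstance(body, dict) else None
    if isinstance(uris, dict):
        for env_id, values in uris.items():
            if not isinstance(values, list):  # environment ID without a URI array
                problems.append(f"oauth: redirectUris['{env_id}'] has no URI array")
    return problems

# Constructed sample bodies (not captured from a real deployment).
SAMPLE_USER = {"username": "app.owner"}
SAMPLE_OAUTH = {"name": "demo", "type": None, "client": {"clientId": "demo"},
                "redirectUris": {"env-1": None, "env-2": ["https://app.example/cb"]}}

if __name__ == "__main__":
    for line in lint_user(SAMPLE_USER) + lint_oauth_app(SAMPLE_OAUTH):
        print(line)
```
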


If you attempt to add a SAML application to PingCentral from an existing application through the API, and the connection JSON contains identity attribute names and placeholders, you receive an error message advising you to nullify the Names field. However, even if you nullify this field you still receive an error message because the JSON contains placeholders. Remove these placeholders before you proceed.