The following issues have been resolved with this release of the PingDirectoryProxy Server:
Added the ability to reset user passwords with a single-use, time-limited token that is delivered to the end user through some out-of-band mechanism like SMS or email. After determining the identity of the user for whom the password reset token should be generated, an application can use the new "deliver password reset token" extended operation to cause the server to create and deliver the token to the user. This token can then be provided to the "password modify" extended operation in lieu of the user's current password in order to allow that user to select a new password. Password reset tokens can optionally permit users to reset their passwords even if their account is not usable (for example, because their account is locked or their password is expired).
Added features to allow clients to better determine the set of requirements that the server will impose for user passwords. The get password quality requirements extended operation can be used to retrieve information about the requirements before an attempted password change. Those requirements can be conveyed to the end user, and can potentially be used to enable some types of client-side validation to identify problems with a password before it is sent to the server. The password validation details request control can be included in an add request, a modify request, or a password modify extended request to identify which specific validation requirements may not have been met by the password provided in the request.
Password validators can be configured with user-friendly messages that better describe the constraints that the validator will impose for passwords, and that the validator should return if a proposed password does not satisfy those constraints. The server will generate these messages if they are not provided in the configuration.
Updated the Configuration API output where properties and their values are listed to include those that are undefined.
The setup tool has been updated to use HTTPS when configuring the HTTP Connection Handler(s). Unsecure HTTP can be enabled post-setup, or by using non-interactive setup.
Updated the server to automatically monitor and report the length of time each operation spends waiting in the work queue before a worker thread can begin to process it.
Addressed cases where some messages may be suppressed in logs and alerts.
Updated UnboundID work queue processing to log expensive work queue operations and diagnostic thread stack traces when a queue backlog alarm is raised.
SCIM, through proxy, does not support pagination. Pagination requires the use of VLV and Server Side Sort controls, which are not natively supported by the Identity Proxy Server. The SCIM proxy configuration script incorrectly included these controls in the ACI and supported controls sections. These have now been removed.
The server can now detect an "out of file handles" situation on the operating system, and shut down to prevent running in an unreliable state.
Fixed an issue that would result in long server startup when many locations and load balancing algorithms are defined.