PingFederate 10.0.2 - April 2020 - PingFederate - 10.0

PingFederate Server

bundle: pingfederate-100
ft:publication_title: PingFederate Server
Product_Version_ce: PingFederate 10.0
category: Product; pf-100; pingfederate
ContentType_ce

Page created: 9 Apr 2020 |

Page updated: 11 Jun 2020

| 2 min read

PingFederate 10.0 Product

PingFederate 10.0.2 is a cumulative maintenance release for PingFederate 10.0. For a full summary of the features introduced in the 10.0 release, see PingFederate 10.0 - December 2019.

Resolved issues

Ticket ID	Description
PF-25823	The `/oauth/clients/{id}/clientAuth/clientSecret` Administrative API endpoint now persists client secret updates.
PF-25813	The `SameSite` cookie attribute is now set properly when using Chrome on macOS.
PF-25701	Datastores used for OAuth clients or access grants are now updated after importing a configuration archive.
PF-25668	Accessing the EULA page on the administrative console while the system is importing a data archive through the drop-in deployer will no longer clear administrative accounts.
PF-25633	Mapping two authentication policy contracts to one SP connection now behaves as expected in the Administrative API when using an OGNL expression.
PF-25513	The PingFederate cookie `pfidpaid`, used to remember a user's preferred authentication source, is now set with the `HttpOnly` and `Secure` flags.
PF-25499	Resolved an issue that prevented OAuth token exchange using the JWT Token Processor.
PF-25492	If a user initiates a password change request through the HTML Form Adapter twice, the password change process no longer throws an exception.
PF-25454	When an IdP connection authentication session has expired, the session is now revoked during single logout.
PF-25411	Bulk import now accepts plain-text passwords when importing key pairs.
PF-25396	When authenticating OAuth clients, PingFederate now correctly returns an error if the authentication method is not Client Secret but the request includes the client_secret parameter with an empty value.
PF-25390	Registration no longer fails when a hidden field is configured as the unique ID for a local identity profile on the local registration branch.
PF-25378	Fixed a problem in the Administrative API causing a NullPointerException when using GET to access a connection with a signature verification certificate that had an unknown public key type.
PF-25144	When a user unlocks their account with the Account Recovery direct link and then clicks continue, an unknown error no longer occurs.
PF-24927	Subject Alternative Name values containing numbers no longer cause validation errors when generating a certificate through the Administrative API.