Page created: 9 Apr 2020
|
Page updated: 11 Jun 2020
PingFederate 10.0.2 is a cumulative maintenance release for PingFederate 10.0. For a full summary of the features introduced in the 10.0 release, see PingFederate 10.0 - December 2019.
Resolved issues
Ticket ID | Description |
---|---|
PF-25823 | The /oauth/clients/{id}/clientAuth/clientSecret
Administrative API endpoint now persists client secret
updates. |
PF-25813 | The SameSite cookie attribute is now set properly when using Chrome
on macOS. |
PF-25701 | Datastores used for OAuth clients or access grants are now updated after importing a configuration archive. |
PF-25668 | Accessing the EULA page on the administrative console while the system is importing a data archive through the drop-in deployer will no longer clear administrative accounts. |
PF-25633 | Mapping two authentication policy contracts to one SP connection now behaves as expected in the Administrative API when using an OGNL expression. |
PF-25513 | The PingFederate cookie pfidpaid , used to
remember a user's preferred authentication source, is now set with
the HttpOnly and Secure
flags. |
PF-25499 | Resolved an issue that prevented OAuth token exchange using the JWT Token Processor. |
PF-25492 | If a user initiates a password change request through the HTML Form Adapter twice, the password change process no longer throws an exception. |
PF-25454 | When an IdP connection authentication session has expired, the session is now revoked during single logout. |
PF-25411 | Bulk import now accepts plain-text passwords when importing key pairs. |
PF-25396 | When authenticating OAuth clients, PingFederate now correctly returns an error if the authentication method is not Client Secret but the request includes the client_secret parameter with an empty value. |
PF-25390 | Registration no longer fails when a hidden field is configured as the unique ID for a local identity profile on the local registration branch. |
PF-25378 | Fixed a problem in the Administrative API causing a NullPointerException when using GET to access a connection with a signature verification certificate that had an unknown public key type. |
PF-25144 | When a user unlocks their account with the Account Recovery direct link and then clicks continue, an unknown error no longer occurs. |
PF-24927 | Subject Alternative Name values containing numbers no longer cause validation errors when generating a certificate through the Administrative API. |