Page created: 9 Apr 2020 |
Page updated: 11 Jun 2020
PingFederate 10.0.2 is a cumulative maintenance release for PingFederate 10.0. For a full summary of the features introduced in the 10.0 release, see PingFederate 10.0 - December 2019.
Administrative API endpoint now persists client secret
SameSite cookie attribute is now set properly when using Chrome
|Datastores used for OAuth clients or access grants are now updated after importing a configuration archive.
|Accessing the EULA page on the administrative console while the system is importing a data archive through the drop-in deployer will no longer clear administrative accounts.
|Mapping two authentication policy contracts to one SP connection now behaves as expected in the Administrative API when using an OGNL expression.
|The PingFederate cookie
pfidpaid, used to
remember a user's preferred authentication source, is now set with
|Resolved an issue that prevented OAuth token exchange using the JWT Token Processor.
|If a user initiates a password change request through the HTML Form Adapter twice, the password change process no longer throws an exception.
|When an IdP connection authentication session has expired, the session is now revoked during single logout.
|Bulk import now accepts plain-text passwords when importing key pairs.
|When authenticating OAuth clients, PingFederate now correctly returns an error if the authentication method is not Client Secret but the request includes the client_secret parameter with an empty value.
|Registration no longer fails when a hidden field is configured as the unique ID for a local identity profile on the local registration branch.
|Fixed a problem in the Administrative API causing a NullPointerException when using GET to access a connection with a signature verification certificate that had an unknown public key type.
|When a user unlocks their account with the Account Recovery direct link and then clicks continue, an unknown error no longer occurs.
|Subject Alternative Name values containing numbers no longer cause validation errors when generating a certificate through the Administrative API.