Resolved issues

Ticket ID Description
PF-24424 Added a configurable field called Trim username spaces for search to the LDAP password credential validator. When the field is enabled, leading and trailing spaces are removed from the username in the search filter and in the returned username attribute. When creating new LDAP password credential validators, this field is enabled by default.
PF-25388 When PingFederate is configured with non-native administrative console authentication, the engine nodes in a cluster no longer try to authenticate to the backend service using the mode configured for the console node.
PF-25640 When a user is a member of multiple provisioning groups managed by different channels, removing the user from the group that provisioned them will no longer immediately de-provision the user. Instead, when the provisioning cycle runs, PingFederate re-assigns the user to a different channel. PingFederate might update the user attributes if the new channel has a different attribute mapping.
PF-26042 During a device authorization flow, PingFederate now returns an error when the client_id that an OAuth client uses to get an access token does not match the client_id it used to get the device_code.
PF-26089 The administrative API and OAuth client management service now return only current client lists.
PF-26126 The authentication API redirectless flow now supports self-service password reset with authentication policies.
PF-26242 During a user authentication or password change, if CAPTCHA is enabled and the CAPTCHA response is empty, PingFederate now shows a CAPTCHA error instead of a null pointer exception.
PF-26275 The OAuth access grant management service can now GET and DELETE grants assigned to disabled OAuth clients.
PF-26543 Resolved a PingFederate 10.1 issue that affected the performance of authentication and session creation in clustered environments.
PF-26563 For OAuth and OIDC administrative authentication, PingFederate now validates the endpoints in the OAuth and OIDC properties files to ensure that they are HTTPS. However, the OIDC end.session.endpoint still does not require HTTPS.
PF-26598 Updated jackson-databind to version
PF-26599 The pfbrowserid cookie is now set with the secure and httponly flags.
PF-26624 PingFederate 10.1 templates now load correctly when you have a CIBA authenticator configured with the PingID SDK adapter 1.6.
PF-26641 After you import a certificate signing response into a certificate, PingFederate now persists the updated certificate.
PF-26643 Improved PingFederate's performance when processing scopes and scope groups during end user requests.
PF-26651 Rescinded the requirement, introduced in PingFederate 10.1, to obfuscate the values of client secrets used for OIDC and OAuth administrative authentication. Instead, when PingFederate reads a plain text value for an OIDC, OAuth, LDAP, or RADIUS shared secret property, it now logs a WARN level message that the value should be obfuscated.
PF-26659 On the administrative console, when you change settings and then click Save, the console now shows a message stating whether PingFederate saved the new settings. Also, resolved some minor UI issues.
PF-26678 Updated the Apache Commons IO library in the PingFederate Upgrade Utility to version 2.5.
PF-26796 The IdP-discovery common domain cookie is now set with the secure and httponly flags.
PF-26797 Resolved an issue that caused the Show Me Around tutorial to appear each time the user logs in to PingFederate, even if the user had finished the tutorial, or had clicked Dismiss or the X icon on the tutorial's popup.
PF-26828 On the Authorization server settings window, the CORS Allowed Origins setting now supports non-HTTP/HTTPS formatted values (registered schemes).
PF-26844 Resolved an issue introduced in PingFederate 10.1 that prevented it from correctly storing the user ID of the IdP connection's authentication source in the pf-connected-identity attribute.
PF-26853 Resolved a potential security vulnerability described in security bulletin SECBL017 on the Ping Identity Support website.
PF-26868 Improved logging surrounding access grant manager JDBC interactions.
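
The client binding check described in PF-26042, sketched as an added example (not PingFederate code): a token endpoint that only redeems a device_code for the client_id that requested it. The in-memory store, the function names, and the choice of the RFC 6749 invalid_grant error for a mismatch are assumptions, and the client is assumed to be authenticated before this code runs.

```python
import hmac
import secrets
import time

# In-memory stand-in for the authorization server's device_code store (assumption).
_DEVICE_CODES = {}


def issue_device_code(client_id, ttl=600):
    """Device authorization request: bind the new device_code to the requesting client."""
    code = secrets.token_urlsafe(32)
    _DEVICE_CODES[code] = {
        "client_id": client_id,
        "expires_at": time.time() + ttl,
        "approved": False,
    }
    return code


def approve(device_code):
    """The user approved the request on the verification page."""
    _DEVICE_CODES[device_code]["approved"] = True


def redeem_device_code(client_id, device_code, now=None):
    """Token request for the device flow. Returns (http_status, response_body)."""
    now = time.time() if now is None else now
    record = _DEVICE_CODES.get(device_code)
    if record is None:
        return 400, {"error": "invalid_grant"}
    # Binding check: the redeeming client must be the one that obtained the code.
    # Answering exactly as for an unknown code does not confirm to another
    # client that the code exists, and the record is left untouched so the
    # legitimate client can still complete its flow.
    if not hmac.compare_digest(record["client_id"].encode(), client_id.encode()):
        return 400, {"error": "invalid_grant"}
    if now >= record["expires_at"]:
        del _DEVICE_CODES[device_code]
        return 400, {"error": "expired_token"}
    if not record["approved"]:
        return 400, {"error": "authorization_pending"}
    del _DEVICE_CODES[device_code]  # a device_code is single use
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```
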