Page created: 21 Jan 2020 |
Page updated: 27 Sep 2022
Several specific modifications since version 10.0 might affect existing deployments.
- Expression Admin role
- When upgrading to PingFederate 10.1 from a previous version, administrative users who were granted the Admin role in the earlier installation are granted the Expression Admin role automatically. You can achieve the same result by using the /bulk/import administrative API endpoint to bulk-import a configuration that was bulk-exported from PingFederate 10.0.
- Additionally, all four administrative roles, namely User Admin, Admin, Expression
Admin, and Crypto Admin, are required to access and make changes through the
/configStoreadministrative API endpoints
- The window in the administrative console
- The Connection Management configuration item on the window
- Authentication session created after user registration
- As of PingFederate 10.1, an authentication session is automatically created for a
user after registration, preventing the user from having to log in again during the
next SSO transaction. This feature is enabled by default for all new and existing
local identity profiles. However, if needed, you can disable it through the
/localIdentity/identityProfiles administrative API endpoint
by setting the createAuthnSessionAfterRegistration attribute to
- AWS CloudHSM
- If PingFederate is running on Linux and uses AWS CloudHSM, when administrators upgrade from PingFederate version 10.0 or earlier to PingFederate version 10.0.1 or later, they must also upgrade the CloudHSM client to version 3.1.1.
- Template html.form.login.template.html
- Starting with PingFederate 10.0, the html.form.login.template.html template no longer includes the $forgotPasswordUrl variable.