Resolved issues

Ticket ID Description

PF-28712

Added the ability to dynamically brand the Identifier First Adapter's login page using the velocity variables available to the template identifier.first.template.html.

PF-28951

When upgrading PingFederate from a version earlier than 9.3, the default value of the Enable PingDirectory Detailed Password Policy Requirement Messaging setting in password credential validators in the UI is now correctly set to false, which matches the runtime behavior.

PF-29175

Resolved an issue that caused the administrative console to fail to load with some navigation sequences when the environment has child plugin instances.

PF-29190

Resolved an issue that caused windows to load slowly when you navigate away from the IdP Adapters window.

PF-29192

The UserInfo endpoint no longer returns a 401 Unauthorized HTTP status code instead of 403 Forbidden, which had interfered with PingFederate's compatibility with PingAccess.

PF-29200

Resolved an issue that sometimes caused PingFederate cluster replications to fail and log a Timer already canceled error.

PF-29204

Resolved an issue that caused the Page Expired error to appear when users initiated single sign-on (SSO) after they closed the browser, the persistent session expired, and then they reopened the browser.

PF-29208

Changed the format of the maxFormKeys and maxFormContentSize attributes in jetty-admin.xml so that PingFederate no longer fails to honor their values.

PF-29242

Verified that PingFederate supports the following profiles for Financial-grade API (FAPI) 1 Advanced Final (Generic):
  • FAPI Adv. OP w/ MTLS
  • FAPI Adv. OP w/ MTLS, PAR
  • FAPI Adv. OP w/ Private Key
  • FAPI Adv. OP w/ Private Key, PAR

PF-29310

Resolved a security vulnerability, exploitable XXE caused by pre-parsing validation. See security advisory SECADV028 (requires sign on).

PF-29323

Resolved an issue that prevented the importation of PKCS12 key pairs with large fileData sizes using the administrative console or API.

PF-29366

Resolved a security vulnerability, XMLDSig processing leads to disclosure of any XML file. See security advisory SECADV028 (requires sign on).