Resolved issues

Ticket ID Description


Added the ability to dynamically brand the Identifier First Adapter's login page using the velocity variables available to the template identifier.first.template.html.


When upgrading PingFederate from a version earlier than 9.3, the default value of the Enable PingDirectory Detailed Password Policy Requirement Messaging setting in password credential validators in the UI is now correctly set to false, which matches the runtime behavior.


Resolved an issue that caused the administrative console to fail to load with some navigation sequences when the environment has child plugin instances.


Resolved an issue that caused windows to load slowly when you navigate away from the IdP Adapters window.


The UserInfo endpoint no longer returns a 401 Unauthorized HTTP status code instead of 403 Forbidden, which had interfered with PingFederate's compatibility with PingAccess.


Resolved an issue that sometimes caused PingFederate cluster replications to fail and log a Timer already canceled error.


Resolved an issue that caused the Page Expired error to appear when users initiated single sign-on (SSO) after they closed the browser, the persistent session expired, and then they reopened the browser.


Changed the format of the maxFormKeys and maxFormContentSize attributes in jetty-admin.xml so that PingFederate no longer fails to honor their values.


Verified that PingFederate supports the following profiles for Financial-grade API (FAPI) 1 Advanced Final (Generic):
  • FAPI Adv. OP w/ MTLS
  • FAPI Adv. OP w/ MTLS, PAR
  • FAPI Adv. OP w/ Private Key
  • FAPI Adv. OP w/ Private Key, PAR


Resolved a security vulnerability, exploitable XXE caused by pre-parsing validation. See security advisory SECADV028 (requires sign on).


Resolved an issue that prevented the importation of PKCS12 key pairs with large fileData sizes using the administrative console or API.


Resolved a security vulnerability, XMLDSig processing leads to disclosure of any XML file. See security advisory SECADV028 (requires sign on).