Resolved issues

Ticket ID Description

PF-29377

Resolved an issue that caused CIDR selectors in PingFederate authentication policies to fail for client IPv4 addresses retrieved from request headers containing a port.

PF-29393

Resolved an issue that caused repeated JGroups warning messages about channels not connected when you used DNS_PING for dynamic engine discovery.

PF-29394

Resolved an issue that prevented PingFederate from setting the PF cookie's SameSite flag to None. This caused problems when using the authentication API with a client whose hostname differed from PingFederate's.

PF-29438

Upgrading PingFederate on a supported Windows OS with a supported Java 11 JDK no longer fails.

PF-29482

Resolved an issue that prevented access to the secondary HTTPS port when BCFIPS mode was enabled.

PF-29597

When a client uses a reference access token that is tied to an expired grant to make a request to the UserInfo endpoint, the response is now 401 Unauthorized instead of 403 Forbidden.

PF-29621

In the in-place upgrade .zip package for maintenance releases, configurable files in the <pf_install>/pingfederate/bin directory are now placed under the /pf-maintenance/merge_required directory to indicate that you must merge these updated files with your existing copies.

PF-29629

PingFederate now initializes correctly when it's in BCFIPS mode and has a legacy-encrypted hsmpasswd.txt file in the <pf_install>/pingfederate/server/default/data directory.

PF-29674

Updated the bundled X.509 Certificate IdP adapter to 1.3.1.
Note: The PingFederate 10.3.2 in-place update .zip does not include the updated adapter. If you use the in-place update .zip to upgrade PingFederate, you can manually download and upgrade to the latest X.509 Certificate IdP adapter.