Resolved issues

Ticket ID Description


Resolved an issue that caused CIDR selectors in PingFederate authentication policies to fail for client IPv4 addresses retrieved from request headers containing a port.


Resolved an issue that caused repeated JGroups warning messages about channels not connected when you used DNS_PING for dynamic engine discovery.


Resolved an issue that prevented PingFederate from setting the PF cookie's SameSite flag to None. This caused problems when using the authentication API with a client that had a different hostname than PingFederate had.


Upgrading PingFederate on a supported Windows OS with a supported Java 11 JDK no longer fails.


Resolved an issue that prevented access to the secondary HTTPS port when BCFIPS mode was enabled.


When a client uses a reference access token that is tied to an expired grant to make a request to the UserInfo endpoint, now the response is 401 Unauthorized instead of 403 Forbidden.


In the in-place upgrade .zip package for maintenance releases, configurable files in the <pf_install>/pingfederate/bin directory are now placed under the /pf-maintenance/merge_required directory to indicate that you must merge these updated files with your existing copies.


Now PingFederate initializes correctly when it's in BCFIPS mode and has a legacy-encrypted hsmpasswd.txt file in the <pf_install>/pingfederate/server/default/data directory.


Updated the bundled X.509 Certificate IdP adapter to 1.3.1.

The PingFederate 10.3.2 in-place update .zip does not include the updated adapter. If you use the in-place update .zip to upgrade PingFederate, you can manually download and upgrade to the latest X.509 Certificate IdP adapter.