New features and improvements in PingFederate 11.0.1.
Rolling grace period for refresh tokens
When PingFederate rotates a
refresh token, if the client fails to get the new token, now PingFederate can accept the previous token for the
short period that you specify with the Refresh Token Rolling Grace
Period setting.
Performance improvement
Improved performance of the administrative console when a large
number of OAuth clients are stored in LDAP or JDBC
datastores.
URL region of the PingOne home button
When configuring the URL of the PingOne home button in the PingFederate administrative console, now
pf.pingone.admin.url.region in
run.properties supports
Canada
as a
region.AWS CloudHSM client
PingFederate can be successfully
integrated with AWS CloudHSM client version 3.4.4.
Resolved a potential security vulnerability
Resolved a potential security vulnerability that is described in
security bulletin SECBL021.
Updated Apache Log4j2
Resolved a potential security vulnerability by updating Apache
Log4j2 to version 2.17.1.
Authenticating PingDirectory users
Resolved an issue that allowed PingDirectory users to authenticate with expired
passwords.
Certificate revocation list checks
Resolved an issue that caused certificate revocation list (CRL)
checks to return "issuer not found in trusted CAs store" even
though the issuer certificate is present.