Enhancements and resolved issues in PingFederate 11.1.2.
Bulk import for IdP connections
Resolved an issue where bulk import fails for identity provider (IdP) connections that fulfill Persistent Grant Extended Attributes.
Connection failures on external LDAP authentication login
PingFederate now recovers from initial connection failure when logging into the administrative console using external LDAP authentication.
Hiding user information from authentication API responses
You can now configure the setting IncludeUserInfoInResponses
in the <install
dir>/server/default/data/config-store/org.sourceid.saml20.domain.mgmt.impl.AuthnApiManagerImpl.xml
file to hide user information from authentication API responses.
Errors on policy fragments configured to handle failures locally
When an error occurs on policies containing fragments and configured to handle failures locally, PingFederate no longer redirects a user to the service provider (SP) error page on SP-initiated single sign-on (SSO).
Outbound TLS connection failures
The certificate path-building algorithm now uses PingFederate's custom revocation checker. This fix resolves a bug where outbound TLS connections failed for servers that presented out-of-order certificate chains.
PingDirectory user registration
During user registration, PingFederate now sends all passwords to PingDirectory, resolving an issue where passwords consisting of only spaces would not properly register a PingDirectory password.
Configurations with no connection type in Kerberos realm
When reading the pingfederate-kerberos-realms.xml file, PingFederate no longer raises an error for configurations with no connection type in the Kerberos realm.