Enhancements and resolved issues in PingFederate 11.1.1.
Administrative API enhancement
Improved the administrative API to manage the System for Cross-domain Identity Management (SCIM) inbound provisioning settings in identity provider (IdP) connections.
Message customization enhancement
Enhanced PingFederate message customization by adding the following FedHub-specific context variables:
FedHubSpConnApplicationName
FedHubSpConnName
FedHubOAuthClientId
FedHubOAuthClientName
Cluster management enhancement
Revised the Cluster Management window to make it more obvious when changes to the configuration on the administrative node have not been replicated to the engine nodes.
Security around password expiration
Improved the security around password expiration when using PingDirectory as a user store.
Issuance criteria in authentication policy contracts
Issuance criteria in authentication policy contracts no longer cause the logs to indicate invalid XML errors. This issue did not cause runtime errors.
HTTP header for client IP addresses
Resolved an issue that sometimes occurred when IPV6 addresses were specified in the HTTP Header for Client IP Addresses field on the Incoming Proxy Settings window.
Error descriptions
PingFederate error descriptions no longer disclose details of java classes.
MasterKeyEncryptor failure during cluster replication
When PingFederate is using a custom MasterKeyEncryptor that relies on an SSL call to an external service, cluster replication no longer causes cascading failures because PingFederate is unable to open Java key store files.
Updating the client secret with the OAuth client management service
When updating the client secret with the OAuth client management service, PingFederate now correctly creates the secondary secrets.
OAuth authorization
requests with response_mode=pi.flow
Now when PingFederate receives an OAuth
authorization request with response_mode=pi.flow
, password
change and account recovery flows using an authentication policy work
correctly.
Provisioning parameter failure
We've fixed a defect that caused provisioning to fail when the modifyTimestamp parameter is included in the provisioning request.
modifyTimestamp is capitalized differently depending on the identity provider. For more information, see Modifying source settings.