PingFederate 11.2.5 (May 2023) - PingFederate - 11.2

PingFederate Server


Enhancements and resolved issues in PingFederate 11.2.5. When upgrading to PingFederate 11.2.5, before you start the PingFederate engines, perform replication on the administrative console.

Binary objectGUID in provisioning

Fixed PF-33160

We fixed an issue where PingFederate wasn't converting some provisioned users' binary objectGUIDs into hex strings.

If your provisioned users' GUID is stored in binary format, ensure that it is also set as binary in your source LDAP datastore.

For more information, see Modifying source settings and Setting advanced LDAP options.

Logging validation

Fixed PF-32764

We've improved logging validation.

Multi-value request parameters for OIDC for console login

Fixed PF-32783

We fixed an issue where multi-value request parameters were not working as expected when using OIDC for console login.

Preservation of changes to certain validation rules

Fixed PF-33093

We fixed an issue where PingFederate did not preserve changes to certain validation rules in the http-request-parameter-validation.xml file upon upgrade.

SAML login session tracking

Fixed PF-33168

We improved SP-Initiated SAML login session tracking. This security improvement can affect existing SAML SP connections that rely on multiple session states in a single transaction.

For more information about how your configuration can be affected, and the steps to resolve issues, see Solicited SAML Response Validation in the Ping Identity Support Portal.

OTL reset page error messaging

Fixed PF-33307

The one-time link (OTL) reset page now displays an error message when the link is expired.

Access token bug fix

Fixed PF-33342

We resolved an issue where an access token may not include the pi.sri claim after refresh. This issue only occurs when reuse of existing access grants is enabled.

Attribute retrieval

Fixed PF-33484

In OAuth and OpenID Connect (OIDC) flows, external consent adapters can now retrieve attributes from the chained attributes map.

LDAP bug fix

Fixed PF-33503

We fixed an LDAP issue where new access grant records were not created with new scopes when Reuse Existing Persistent Access Grants for Grant Types was enabled.

ID token ACR claim

Fixed PF-33557

We resolved an issue where an ID token would not include the Authentication Context Class Reference (ACR) claim if an old client secret was used during the retention period.

Redundancies in key algorithm generation

Fixed PF-33607

We fixed an issue that affected cluster replication when PingFederate was deployed with AWS CloudHSM. When replication was initiated, engines generated a number of temporary key pairs, and the increased load on the HSM could trigger SSO errors.