PingFederate 11.1.3 (December 2022) - PingFederate - 11.2

PingFederate Server

bundle
pingfederate-112
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.2
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-112
pingfederate
ContentType_ce
Product documentation
Guide
Guide > Administrator Guide

Enhancements and resolved issues in PingFederate 11.1.3.

Improvements to custom revocation checker

FixedPF-32395

We've improved PingFederate's custom revocation checker, ensuring that when the server returns stapled Online Certificate Status Protocol (OCSP) responses, PingFederate invokes the checker. Previously, PingFederate used the default revocation checker to validate these responses, which could cause single sign-on (SSO) failures with BCFIPS mode enabled. For more information, see Configuring certificate revocation.

Cluster replication notifications

FixedPF-32398

We've improved notifications to signal to administrators that in the event of a replication failure or any changes to cluster configuration require replication. For more information, see Cluster management.

Null pointer exception during dependency error detection

FixedPF-32553

During PingFederate dependency error detection, OGNL expressions in adapter-to-adapter mappings no longer raise a null pointer exception (NPE).

PingFederate updates to HSM ordering

FixedPF-32556

We've updated the recommended security provider ordering for the Thales Luna Network hardware security module (HSM) to address an issue where temporary keys and sessions could accumulate on the HSM, eventually resulting in resource exhaustion. A limitation of the new ordering is that EC certificates can no longer operate as SSL server certificates. For details on the new order, see Integrating with Thales Luna Network HSM.