Enhancements and resolved issues in PingFederate 11.1.3.
Improvements to custom revocation checker
We've improved PingFederate's custom revocation checker, ensuring that when the server returns stapled Online Certificate Status Protocol (OCSP) responses, PingFederate invokes the checker. Previously, PingFederate used the default revocation checker to validate these responses, which could cause single sign-on (SSO) failures with BCFIPS mode enabled. For more information, see Configuring certificate revocation.
Cluster replication notifications
We've improved notifications to signal to administrators that in the event of a replication failure or any changes to cluster configuration require replication. For more information, see Cluster management.
Null pointer exception during dependency error detection
During PingFederate dependency error detection, OGNL expressions in adapter-to-adapter mappings no longer raise a null pointer exception (NPE).
PingFederate updates to HSM ordering
We've updated the recommended security provider ordering for the Thales Luna Network hardware security module (HSM) to address an issue where temporary keys and sessions could accumulate on the HSM, eventually resulting in resource exhaustion. A limitation of the new ordering is that EC certificates can no longer operate as SSL server certificates. For details on the new order, see Integrating with Thales Luna Network HSM.