PingFederate 11.3.3 (November 2023) - PingFederate - 11.3

PingFederate Server

Enhancements and resolved issues in PingFederate 11.3.3.

Improved client authentication security

Security PF-34645

Fixed a potential security vulnerability described in security advisory SECADV040.

Added support for partitioned cookies

New PF-34440

PingFederate now supports using the Partitioned attribute to address third-party cookie issues with the iframe-based login widgets in Google Chrome.

Fixed /idp/startSLO.ping 404 caused by virtual issuer configuration

Fixed PF-34322

Fixed an issue that returned a 404 error when the /idp/startSLO.ping endpoint was requested while a virtual issuer was configured. You can now configure virtual issuers with a context path.

Client JWKS now sets properly when using DynamoDB storage

Fixed PF-34504

Clients that maintain a JWKS endpoint can now use private key JWT based authentication when requesting an access token.

Fixed NPE when checking an existing persistent grant that is expired with DynamoDB

Fixed PF-34606

Checking for existing but expired grants with DynamoDB no longer causes a null pointer exception (NPE).

Connections close after getting a 401 or 403 from PingOne API

Fixed PF-34545

Fixed an issue preventing PingFederate from closing connections after receiving a 401 or 403 response from PingOne MFA.

Outbound provisioning performance improvement

Fixed PF-33466

You can now turn off server-side sorting for LDAP requests related to outbound provisioning, which can improve performance in some environments.

Configure this option using the ProvisionWithServerSort parameter in the com.pingidentity.common.util.ldap.LDAPUtil.xml file.

Unable to copy and paste policy contract in specific situations

Fixed PF-34433

You can now copy and paste a policy contract below a selector node.

XML decryption failing with KeyName element

Fixed PF-34536

Fixed an issue where decryption of an encrypted SAML element could fail if a KeyName was specified.

Resolved a vulnerability in the Initial Setup Wizard

Security PF-34646

Fixed a Server-Side Request Forgery vulnerability in the Initial Setup Wizard described in security advisory SECADV041.

Upgraded third-party libraries

Improved
  • Upgraded Jetty to version 9.4.53.v20231009.

  • Upgraded JGroups to version 4.2.24.Final.