PingFederate 11.3.3 (November 2023) - PingFederate - 12.0

PingFederate Server

bundle
pingfederate-120
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 12.0 (Latest)
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-120
pingfederate
ContentType_ce
Guide
Guide > Administrator Guide
Product documentation

Enhancements and resolved issues in PingFederate 11.3.3.

Improved client authentication security

SecurityPF-34645
Fixed a potential security vulnerability described in security advisory SECADV040.

Added support for partitioned cookies

NewPF-34440

PingFederate now supports using the Partitioned attribute to address third-party cookie issues with the iframe-based login widgets in Google Chrome.

Fixed /idp/startSLO.ping 404 caused by virtual issuer configuration

FixedPF-34322

Fixed an issue that was returning a 404 error if the /idp/startSLO.ping endpoint was hit while a virtual issuer was configured. You can now configure virtual issuers with a context path.

Client JWKS now sets properly when using DynamoDB storage

FixedPF-34504

Clients that maintain a JWKS endpoint can now use private key JWT based authentication when requesting an access token.

Fixed NPE when checking an existing persistent grant that is expired with DynamoDB

FixedPF-34606

Checking for existing but expired grants with DynamoDB no longer causes a null pointer exception error (NPE).

Connections close after getting a 401 or 403 from PingOne API

FixedPF-34545

Fixed an issue preventing PingFederate from closing connections after receiving a 401 or 403 response from PingOne MFA.

Outbound provisioning performance improvement

FixedPF-33466

You can now turn off server-side sorting for LDAP requests related to outbound provisioning, which can improve performance in some environments.

Configure this option using the ProvisionWithServerSort parameter in the com.pingidentity.common.util.ldap.LDAPUtil.xml file.

Unable to copy and paste policy contract in specific situations

FixedPF-34433

You can now copy and paste a policy contract below a selector node.

XML decryption failing with KeyName element

FixedPF-34536

Fixed an issue where decryption of an encrypted SAML element could fail if a KeyName was specified.

Resolved a vulnerability in the Initial Setup Wizard

SecurityPF-34646

Fixed a Server-Side Request Forgery vulnerability in the Initial Setup Wizard described in security advisory SECADV041.

Upgraded third-party libraries

Improved
  • Upgraded Jetty to version 9.4.53.v20231009.

  • Upgraded JGroups to version 4.2.24.Final.