PingFederate 12.0.1 (February 2024) - PingFederate - 12.0

PingFederate Server


REST datastore security vulnerability

Security PF-34720

Fixed a JSON injection vulnerability in REST datastores described in security advisory SECADV044.

Runtime nodes security vulnerability

Security PF-34896

Fixed a path traversal vulnerability in Runtime nodes described in security advisory SECADV044.

OpenID Connect policy management editor security vulnerability

Security PF-35081

Fixed a Cross-Site Scripting vulnerability in the OpenID Connect Policy Management Editor described in security advisory SECADV044.

Runtime notification when thread dumps are enabled but log4j2.xml is not configured

Improved PF-34832

Added a feature to generate a warning message on the Runtime Notifications tab if you have enabled thread dumps, but you have not configured the ThreadDumpAppender and ThreadDumpLogger properties in the log4j2.xml file.

To learn more about configuring thread pool exhaustion events, see Configuring runtime notifications.

Randomly-generated provisioner node IDs

Improved PF-30913

Added a feature allowing you to generate random provisioner.node.id values.

To learn more about configuring provisioners, see Deploying provisioning failover.

Custom KeyID

Improved PF-34883

Added a feature allowing administrators to define custom KeyID values for static OAuth and OIDC keys and token signing keys.

Fixed a defect that caused PingFederate to not publish the alg parameter on the JWKS endpoint. This issue occurred for dynamically-generated EC signing keys on engine nodes.

To learn more about keys, see Keys for OAuth and OpenID Connect.
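
An added example, not PingFederate code and not part of the original release notes: a post-upgrade check of a JWKS document that flags signing keys published without `alg`, EC keys whose `alg` disagrees with their curve, and repeated `kid` values. The sample JWKS and the `audit_jwks` name are constructed for illustration; in practice the input would be the JSON served by your JWKS endpoint.

```python
import json
from collections import Counter

# JWS algorithm expected for each EC curve (RFC 7518, section 3.4).
EC_CURVE_ALG = {"P-256": "ES256", "P-384": "ES384", "P-521": "ES512"}

# Constructed sample JWKS; coordinates are placeholders, not real key material.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "EC", "kid": "custom-sign-1", "use": "sig", "crv": "P-256",
     "alg": "ES256", "x": "placeholder", "y": "placeholder"},
    {"kty": "EC", "kid": "dyn-ec-2", "use": "sig", "crv": "P-384",
     "x": "placeholder", "y": "placeholder"},  # alg not published
    {"kty": "EC", "kid": "custom-sign-1", "use": "sig", "crv": "P-521",
     "alg": "ES256", "x": "placeholder", "y": "placeholder"},  # repeated kid, wrong alg
    {"kty": "RSA", "kid": "rsa-3", "use": "sig", "alg": "RS256",
     "n": "placeholder", "e": "AQAB"},
]})


def audit_jwks(jwks_text):
    """Return a sorted list of (kid, finding) tuples for a JWKS document."""
    keys = json.loads(jwks_text).get("keys", [])
    kid_counts = Counter(k.get("kid") for k in keys)
    findings = set()
    for key in keys:
        kid = key.get("kid")
        label = kid if kid is not None else "<none>"
        if kid is None:
            findings.add((label, "missing kid"))
        elif kid_counts[kid] > 1:
            # Clients select a verification key by kid, so it must be unique.
            findings.add((label, "duplicate kid"))
        if key.get("use", "sig") != "sig":
            continue  # encryption keys are outside this check
        alg = key.get("alg")
        if alg is None:
            findings.add((label, "missing alg"))
        elif key.get("kty") == "EC":
            expected = EC_CURVE_ALG.get(key.get("crv"))
            if expected and alg != expected:
                findings.add((label, f"alg {alg} does not match curve {key.get('crv')}"))
    return sorted(findings)


if __name__ == "__main__":
    for kid, finding in audit_jwks(SAMPLE_JWKS):
        print(f"{kid}: {finding}")
```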

GET SAML request signature processing error

Fixed PF-34641

Fixed a defect where SAML requests sent with the HTTP GET method and carrying multiple signature-related parameters encoded in the RelayState parameter caused errors during signature validation.

NPE notification error

Fixed PF-34813

Fixed a defect that caused PingFederate to issue null pointer exception (NPE) errors when querying the token endpoint.

Certificate expiry notification error

Fixed PF-34854

Fixed a defect that caused the certificate expiry warning notification icon to remain when there were no notifications to display.

Reencryption causes connection or client to fail on engine

Fixed PF-34409

Fixed a defect where changes made on the administrative console were not replicated to the engine during reencryption.

JMX registration failure for imported archives

Fixed PF-34796

Fixed a defect that caused the JMX monitoring to fail to register archive files that are imported to PingFederate.

Content type changes if well_known endpoint response is too large

Fixed PF-34865

Fixed a defect that caused the content-type of a response from the well_known endpoint to change from JSON to HTML if a response is too large.

PingFederate displays unlock your account page for unlocked users

Fixed PF-34701

Fixed a defect that caused PingFederate to display an unlock your account page during self-service password reset for accounts that are not locked.

RHEL 8 using OS-level FIPS causes PingFederate failure

Fixed PF-34879

Fixed a defect that caused PingFederate to fail on startup when installed on a Red Hat Enterprise Linux (RHEL) server with OS-level FIPS enabled.

Error message for authentication policy fragment with invalid localIdentityRef

Fixed PF-34882

Fixed a defect that returned a 500 error with no details when an authentication policy fragment had a LOCAL_IDENTITY_MAPPING action with an invalid localIdentityRef ID.

Unable to deobfuscate grant attributes

Fixed PF-34839

Fixed a defect where PingFederate was unable to deobfuscate grant attributes of a certain length.

Valid Authorization policy generates "Configuration Error" message

Fixed PF-34853

Fixed a defect that caused PingFederate to incorrectly return an Invalid Configuration error for a valid authentication policy.