Changelog - PingFederate

RSA SecurID Integration Kit 4.1 – April 2024

Added support for the Approve method's Selection mode. Support for the Approve method was introduced in RSA SecurID Integration Kit 4.0.
Note:
To use Selection mode, you must have RSA Authentication Manager 8.7 SP2 or later, integrated with the RSA Cloud Authentication Service (CAS). You must enable the Selection feature in RSA CAS, and use version 4.3 or later of the RSA mobile app.
Added the ability to define a template file prefix and customize the pages that the adapter displays per adapter instance.
Note:
If you modify a template file, rename the template file to give it a new prefix. Make sure to enter the new prefix in the HTML Template Prefix field.

Fixed an issue that caused an unavailable authentication method to display incorrectly.

Added support for the RSA Authentication Manager integrated with the RSA Cloud Authentication Service (CAS). The adapter supports the SecurID, Token, and Approve methods.

Fixed two issues that caused certain authentication attempts to be logged incorrectly in audit.log and server.log.

Added support for the PingFederate authentication API.
Added support for the JavaScript Widget for the PingFederate Authentication API.
Improved the template files to use the PingFederate localization framework. If you have existing customizations, you need to manually modify the new rsa-securid-messages.properties file. For help customizing messages, see Localizing messages for end users in the PingFederate documentation.
Fixed an issue that, after upgrading the adapter, caused an error when using the administrative API to bulk import an earlier version of the adapter.
Fixed an issue where the previous adapter wouldn't failover to its replicas when the virtual machine was running but RSA services was not.
Fixed a user impersonation vulnerability. See security bulletin SECADV026.

Fixed an issue that caused unexpected behavior when LockoutPeriod was set to 0 in the account lockout settings file.
Improved the description for the Challenge Retries setting in the adapter configuration.

Added the ability to customize the ciphers used in outbound HTTP requests to RSA SecurID.
Improved error handling for cases where the user leaves the username or passcode field blank.
Fixed an issue that could cause the adapter to cancel some sign-on attempts.

Fixed a serialization issue that occurred when PingFederate was used in a cluster.

Added support for RSA Authentication Manager 8.4
Added support for Java 11 by updating the adapter to use the RSA SecurID Authentication API.
Added the ability to override the user ID attribute that is sent to the authentication API without affecting the ID shown to the user.
Added the ability to configure failover servers for the primary RSA Authentication API endpoint.
Added proxy connection override settings.
Added connection read and timeout settings.
Improved templates to support multi-factor authentication and CSRF protection.
Improved template usability and error messages.

Added support for RSA Authentication Manager 8.3
Improved variable names in the template pages
Added new variables available to the template pages
Added configuration field to set the log level of the RSA Authentication Agent SDK
Added validation for user-generated PINs in the adapter and template