Changelog - PingFederate

Page created: 12 Oct 2023 |

Page updated: 12 Oct 2023

| 3 min read

Product PingFederate Integration RSA SecurID Language English Integration Content Type Product documentation Audience Administrator

The following is the change history for the RSA SecurID Integration Kit.

RSA SecurID Integration Kit 4.0 – October 2023

Added support for the RSA Authentication Manager integrated with the RSA Cloud Authentication Service (CAS). The adapter supports the SecurID, Token, and Approve methods.

Fixed two issues that caused certain authentication attempts to be logged incorrectly in audit.log and server.log.

Added support for the PingFederate authentication API.
Added support for the JavaScript Widget for the PingFederate Authentication API.
Improved the template files to use the PingFederate localization framework. If you have existing customizations, you need to manually modify the new rsa-securid-messages.properties file. For help customizing messages, see Localizing messages for end users in the PingFederate documentation.
Fixed an issue that, after upgrading the adapter, caused an error when using the administrative API to bulk import an earlier version of the adapter.
Fixed an issue where the previous adapter wouldn't failover to its replicas when the virtual machine was running but RSA services was not.
Fixed a user impersonation vulnerability. See security bulletin SECADV026.

Fixed an issue that caused unexpected behavior when LockoutPeriod was set to 0 in the account lockout settings file.
Improved the description for the Challenge Retries setting in the adapter configuration.

Added the ability to customize the ciphers used in outbound HTTP requests to RSA SecurID.
Improved error handling for cases where the user leaves the username or passcode field blank.
Fixed an issue that could cause the adapter to cancel some sign-on attempts.

Fixed a serialization issue that occurred when PingFederate was used in a cluster.

Added support for RSA Authentication Manager 8.4
Added support for Java 11 by updating the adapter to use the RSA SecurID Authentication API.
Added the ability to override the user ID attribute that is sent to the authentication API without affecting the ID shown to the user.
Added the ability to configure failover servers for the primary RSA Authentication API endpoint.
Added proxy connection override settings.
Added connection read and timeout settings.
Improved templates to support multi-factor authentication and CSRF protection.
Improved template usability and error messages.

Added support for RSA Authentication Manager 8.3
Improved variable names in the template pages
Added new variables available to the template pages
Added configuration field to set the log level of the RSA Authentication Agent SDK
Added validation for user-generated PINs in the adapter and template