Enhancements

Registration modes
During a device pairing process, PingID SDK attempts to pair using remote notifications. When successful, the paired device can receive push notifications for ongoing authentication and transaction approvals. If the remote notifications fail, PingID SDK attempts to pair without remote notifications, in which case the paired device can be used as an authenticating device using a one time passcode.

In addition to the existing registration mode (remote notifications with automatic fallback to one time passcode) as described above, PingID mobile SDK has now been extended to support a greater diversity of registration modes. There are now also the options to restrict device registration to either a mode using remote notifications exclusively, or to a mode using a one time passcode exclusively.

Device registration without verification
Device registration has been extended to allow the ability to define the option for an existing active user to pair a new device without the need to verify the new device via the primary device.

Resolved issues

Ticket ID Description
PIMC-245

PIMC-276

 A case was discovered when a device was unpaired and then paired again, an entry for a new device was generated in the list of devices for the user. This issue has been resolved, so that unpairing and pairing the device again will reflect the same single device entry on the list of devices for that user. (Android and iOS)
PIMC-295

PIMC-309

PIMC-332

PIDC-707

 When a device was unpaired on the server side only, the device would fail on the first subsequent login, and would be led into the pairing process on the second login. This has been resolved so that when a device is unpaired only on the server side, it is automatically unpaired on the mobile on the next login attempt, and it will be led directly into the pairing process. (Android and iOS)
PIDC-347

PIDC-719

 If an application ID was set into the mobile application in upper case, it was impossible to pair a user. This issue has been resolved, and the application ID is no longer case sensitive.
PIDC-792 The PingID SDK documentation has been updated to reflect that the ACCESS_FAILED error code was replaced by the UNAUTHORIZED code.
Resolved in the Moderno demo application:
  • The progress spinner continued to spin on the paired authenticating device after successful completion of adding a new device. This is resolved so that the spinner disappears once the new device is added. (Android)
  • When the app was in the background, transaction notifications were only partially displayed. This issue is resolved so that transaction notifications are fully displayed when the app is in the background. (Android)
  • If a user disabled push notifications, authentication worked correctly in pushless mode, but the pairing process would still attempt to use push notifications. This issue has been resolved, so that when a user has disabled push notifications, pairing will also be performed in pushless mode. (iOS)
  • The terms "Hosting server" and "Hosting app" have been replaced with the new terminology of "Customer server" and "Customer app", bringing Android into alignment with iOS.
  • The Unpair from PingID menu option has been removed from the app. On the Login screen there is now no menu at all. On the Home screen there is a menu comprising only the single Logout option. This aligns the Android and iOS behavior.
(Ticket IDs: PIMC-262, PIMC-264, PIMC-265, PIMC-282, PIMC-283, PIMC-284, PIMC-313)

SDK code changes

PingID SDK component dependencies in build.gradle (Android)
This version includes new SDK component dependencies for Android. These should be added in the application's gradle.build file under dependencies. Developers must manually add these dependencies to their project, in order for the SDK to work, as the lib is distributed as a file and not via a repository.
The full list of dependencies is as follows:
compile 'org.slf4j:slf4j-api:1.7.7'
compile 'com.github.tony19:logback-android-core:1.1.1-6'
compile('com.github.tony19:logback-android-classic:1.1.1-6') {
    exclude group: 'com.google.android', module: 'android'
}
compile 'com.nimbusds:nimbus-jose-jwt:4.11'
compile 'com.google.code.gson:gson:2.6.2'
compile 'commons-codec:commons-codec:1.5'
compile 'com.madgag:sc-light-jdk15on:1.47.0.3'
compile 'com.madgag:scprov-jdk15on:1.47.0.3'
compile 'com.google.android.gms:play-services-base:10.2.1'
compile 'com.google.firebase:firebase-messaging:10.2.1'

Refer to Getting started with Android in PingID SDK for details.

Note:
Developers upgrading from PingID SDK 1.0.0 should replace the dependency 
compile 'io.jsonwebtoken:jjwt:0.7.0'
with 
compile 'com.nimbusds:nimbus-jose-jwt:4.11'
as reflected in the updated dependency list above.

Registration mode for pairing (Android and iOS)
The new registration modes use the Supported MFA type parameter, which must be added into the PingID SDK initialization:
  • Android:
    Backward compatibility is maintained with the old initialization
    PingID.init(<Android application object>, <Application ID>, <Object implementing PingIDSDKEvents>,<Push sender ID>);
    which will continue to support remote notifications with automatic fallback to one time passcode.

    In order to specify the registration mode, initialize the PingID SDK singleton, as described in the initialization step at Getting started with Android in PingID SDK, and repeated below with the new registration mode (Supported MFA type) parameter:

    PingID.init(<Android application object>, <Application ID>, <Object implementing PingIDSDKEvents>,<Push sender ID>, <Supported MFA type>);

    Arguments:

    • Android application object: The Android application instance of the customer mobile application.
    • Application ID: The application identifier from the Ping Identity web portal.
    • Object implementing PingIDSDKEvents: The object which implements the PingIDSDKEvents interface.
    • Push sender ID: The GCM/FCM sender ID.
    • Supported MFA type: The registration mode for pairing. Possible values:
      Registration mode value Description
      Automatic MFA supports remote notifications with automatic fallback to one time passcode.
      EnforceRemoteNotifications MFA supports remote notifications only.
      DisableRemoteNotifications MFA will not support remote notifications and will only support one time passcode.

  • iOS:
    Backward compatibility is maintained with the old initialization
    + (void)initWithAppID:(nonnull NSString *)appID
    which will continue to support remote notifications with automatic fallback to one time passcode.

    In order to specify the registration mode, use the new initialization:

    + (void)initWithAppID:(nonnull NSString *)appID supportedMfa:(PIDSupportedMfaType)supportedMfaType;
    defined as follows:
    /**
 Supported MFA types
 
 - PIDSupportedMfaTypeAutomatic:                   MFA supports remote notifications with automatic fallback to one time passcode
 - PIDSupportedMfaTypeEnforceRemoteNotifications:  MFA supports remote notifications only
 - PIDSupportedMfaTypeDisableRemoteNotifications:  MFA will not support remote notifications and will only support one time passcode
 */
typedef NS_ENUM(NSUInteger, PIDSupportedMfaType)
{
    PIDSupportedMfaTypeAutomatic                  =   0,
    PIDSupportedMfaTypeEnforceRemoteNotifications =   1,
    PIDSupportedMfaTypeDisableRemoteNotifications =   2
};

Known issues and limitations

Initializing a second pairing before completion of the first pairing process on the same device
If a user starts a new pairing process on a device which is still running the process of a previous attempted pairing, it may cause a race condition (Android and iOS).
  • If the admin console shows that a device or multiple devices are paired with the server, but the user cannot authenticate, then admins should unpair the affected devices, and the user should start a new pairing process.
  • Developers should create the necessary logic in their applications to prevent users from initiating a new pairing process while there is already a pairing request in progress.