Ping SDKs

Limitations

This page lists the known issues and limitations of the Ping SDKs.

SDKs Renamed
Prior to November 2024, the Ping SDKs were known as the ForgeRock SDKs.

All platforms

  • The Ping SDKs do not support authentication chains or modules.

  • The FRUI module is for prototyping your UI and is not intended for production use as-is.

  • As of ForgeRock SDKs 3.0, the Identity Providers supported for social login are limited to Apple, Facebook, and Google.

Ping SDK for Android

  • Displaying CAPTCHAs or using the Ping (ForgeRock) Authenticator module in your application requires Google Play Services to be present.

  • The Authenticator module of the Ping SDK for Android only supports Firebase Cloud Messaging service as a Push Notification provider.

  • Social Login requires PingAM 7.1 or the latest version of PingOne Advanced Identity Cloud.

  • Calling FRUser.logout() will only sign out the session from PingAM, not from the social identity provider. Every subsequent social login attempt will automatically log in without asking for credentials.

  • Biometric authentication is only supported on Android 7.0 or newer.

  • Biometric authentication requires PingAM 7.1 or the latest version of PingOne Advanced Identity Cloud.

  • Biometric authentication requires the use of Google Play Services.

  • When a biometric dialog, such as the "provide fingerprint" dialog, is dismissed, the application may become unresponsive.

  • Biometric authentication does not distinguish between individual biometrics (fingerprints or faces), but is limited to the collection of biometrics registered for the device’s current user account.

  • As of ForgeRock SDKs 3.0, only platform authenticators can be used for WebAuthn; roaming/USB authenticators, like YubiKey, are not currently supported.

Ping SDK for iOS

  • Data encryption with Secure Enclave is only available for iOS 10+ devices with TouchID or FaceID.

  • DeviceCollector customization is only available in Swift.

  • JailbreakDetector customization is only available in Swift.

  • HiddenValueCallback and SuspendedTextOutputCallback are not accessible in Objective-C.

  • FRAuthenticator SDK is only available in Swift.

  • Social Login requires PingAM 7.1 or the latest version of PingOne Advanced Identity Cloud.

  • Calling FRUser.logout() will only sign out the session from PingAM, not from the social identity provider. Every subsequent social login attempt will automatically log in without asking for credentials.

  • The Google Sign-In SDK is only compatible with CocoaPods (Swift Package Manager is not supported).

  • Sign In With Apple is only supported in iOS 13 and above.

  • Biometric authentication requires PingAM 7.1 or the latest version of PingOne Advanced Identity Cloud.

  • Biometric authentication does not distinguish between individual biometrics (fingerprints or faces), but is limited to the collection of biometrics registered for the device’s current user account.

  • For biometric authentication, iOS only supports the ES256 signing algorithm; this is configured in the WebAuthn Registration node.

  • For "usernameless" biometric authentication support, "limit registrations" must be disabled within the WebAuthn Registration node.

  • As of ForgeRock SDKs 3.0, only the platform authenticator can be used for WebAuthn; roaming/USB authenticators, like YubiKey, are not supported.

Ping SDK for JavaScript

  • The Ping SDK for JavaScript is currently unable to revoke PingOne-issued OIDC tokens when using Firefox and Safari, due to third-party cookie protection.

  • When resources are protected by PingGateway, the Ping SDK for JavaScript can only support transactional authorization if PingAM and PingGateway are on the same origin.

  • Firefox does not support Touch ID as a WebAuthn device on Mac, which limits some WebAuthn node configurations.

  • The SDK requires polyfills to function in IE 11 and Legacy Edge.

  • In WebKit for both macOS and iOS, the "Prevent Cross-site Tracking" option, which is enabled by default, can prevent the SDK from functioning when the app and PingAM are under different origins.

  • Collecting location information requires the user’s system preferences to allow browser access to location information.

  • IndexedDB as a token storage strategy has a known issue with Firefox Private Mode. (Use localStorage as an alternative.)

  • Social login with Apple requires the use of a form POST, so the "Redirect URL" cannot be an SPA, because SPAs are unable to handle a POST request; the use of the special PingAM endpoint explained in "Set up social login" is recommended.

  • Calling FRUser.logout() will only sign out the session from PingAM, not from the social identity provider. Every subsequent social login attempt will automatically log in without asking for credentials.