Web Agents

Incompatible changes

Incompatible changes impact existing functionality and may affect your migration from a previous release. Before you upgrade, review these lists and make the appropriate changes to your scripts and plugins.

Changes in Web Agent 2024.9

There are no incompatible changes in this release.

Changes in Web Agent 2024.6

There are no incompatible changes in this release.

Changes in Web Agent 2024.3

Support for SSLv3

Support for SSLv3 was removed.

NGINX binaries renamed

The operating system name in the downloadable NGINX binaries has been replaced with Linux. A single build is now suitable for all NGINX versions and operating systems.

  • Example formats for previous release:

    web-agent-2023.11-NGINX_r30_Rhel7_64bit.zip
    web-agent-2023.11-NGINX_r30_Rhel8_64bit.zip
    web-agent-2023.11-NGINX_r30_Rhel9_64bit.zip
    web-agent-2023.11-NGINX_r30_Ubuntu20_64bit.zip
    web-agent-2023.11-NGINX_r30_Ubuntu22_64bit.zip

  • Example format for this release:

    web-agent-2024.3-NGINX_r30_Linux_64bit.zip

AES-256-GCM encryption

Because of the changes in Hardened security of agent secrets, a drop-in software update to this release isn’t possible. An upgrade to this release from an earlier release is a major upgrade. Learn more in Upgrade.

Changes in Web Agent 2023.11

There are no incompatible changes in this release or any of its maintenance releases.

Changes in Web Agent 2023.9

There are no incompatible changes in this release.

Changes in Web Agent 2023.6

Management of agent credentials

An encryption key in agent.conf is used to decrypt credentials for the following properties:

  • Agent Profile Password

  • Private Key Password

  • Proxy Server Password

When decryption failed in previous releases, sometimes the agent attempted to use the encrypted form of the password. From this release, the agent does not attempt to use the encrypted form of the password.

Changes in Web Agent 2023.3

NGINX binaries renamed

NGINX binaries have been renamed as follows:

  • Old name format: web-agent-version-NGINX_rn_Centosn_64bit.zip

  • New name format: web-agent-version-NGINX_rn_Rheln_64bit.zip

OpenSSL support

The following versions of OpenSSL are no longer supported:

Operating systems, followed by the OpenSSL versions no longer supported on them:

  • CentOS, Red Hat Enterprise Linux, Oracle Linux, Ubuntu Linux: OpenSSL 1.0.x, OpenSSL 1.1.0

  • Microsoft Windows Server: OpenSSL 1.0.x, OpenSSL 1.1.0

  • IBM AIX: OpenSSL 0.9.8, OpenSSL 1.0.x, OpenSSL 1.1.0
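
A pre-upgrade check for the OpenSSL versions listed above, as an added example that is not part of the original release notes or the product's own tooling. The function names and the platform keywords linux, windows and aix are assumptions, and the sample version strings are constructed.

```shell
#!/bin/sh
# Added example: flag OpenSSL versions that this page lists as no longer
# supported from Web Agent 2023.3. Function names and the platform keywords
# (linux, windows, aix) are assumptions made for this example.

# Print the version token from `openssl version` output,
# e.g. "1.1.0l" from "OpenSSL 1.1.0l  10 Sep 2019". Fails on other input.
extract_openssl_version() {
    case "$1" in
        "OpenSSL "*) v=${1#OpenSSL }; printf '%s\n' "${v%% *}" ;;
        *) return 1 ;;
    esac
}

# Return 0 if <version> is on the page's list for <platform>, 1 if it is not,
# 2 for a platform the page does not cover. Letter and vendor suffixes
# (1.1.0l, 1.0.2k-fips) are treated as part of the listed series (assumption).
is_dropped_openssl() {
    case "$1" in
        linux|windows)  # CentOS, RHEL, Oracle Linux, Ubuntu; Windows Server
            case "$2" in 1.0.*|1.1.0|1.1.0[a-z]*|1.1.0-*) return 0 ;; esac ;;
        aix)            # IBM AIX additionally lists 0.9.8
            case "$2" in 0.9.8*|1.0.*|1.1.0|1.1.0[a-z]*|1.1.0-*) return 0 ;; esac ;;
        *) return 2 ;;
    esac
    return 1
}

# check_openssl <platform> "<openssl version output>"
# Exit status: 0 not listed, 1 listed as no longer supported, 2 undecided.
# "Not listed" only means absent from this list, not confirmed as supported.
check_openssl() {
    ver=$(extract_openssl_version "$2") || { echo "UNKNOWN: $2"; return 2; }
    listed=0
    is_dropped_openssl "$1" "$ver" || listed=$?
    case "$listed" in
        0) echo "LISTED: OpenSSL $ver is no longer supported on $1"; return 1 ;;
        1) echo "NOT-LISTED: OpenSSL $ver on $1"; return 0 ;;
        *) echo "UNKNOWN: platform $1"; return 2 ;;
    esac
}

# Constructed sample outputs; on a real host pass "$(openssl version)".
check_openssl linux "OpenSSL 1.0.2k-fips  26 Jan 2017" || :
check_openssl aix "OpenSSL 0.9.8zh 3 Dec 2015" || :
check_openssl windows "OpenSSL 3.0.13 30 Jan 2024" || :
```

Run the check against the OpenSSL library the web server actually loads, which can differ from the `openssl` binary on the PATH.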

Changes in Web Agent 5.10

Regular expression pattern matching is platform-dependent

IIS agents use Windows libraries and ECMAScript-compatible regular expressions. Adapt the regular expression settings for IIS agents to account for this change.

Fragment redirect

From Web Agent 5.8.1, when Enable Fragment Redirect is true, the agent redirects the user back to the original resource using an absolute URL. In previous Web Agent 5 versions, the agent redirects the user using a relative URI.

Proxy rules that rely on fragment redirect to a relative URI now result in a redirect to a full URL. For example, a redirect to /a/b#c results in the final URL prot://host:port/a/b#c.

Ordered rules that rely on matching a plain URL followed by fully qualified alternatives can result in the fully qualified alternatives matching first.

Changes in Web Agent 5.9

AM 5.x.x EOL

AM 5.x.x has reached End of Life (EOL) and is no longer supported. For more information, refer to Ping Identity Product Support Lifecycle Policy | PingGateway and Agents.

Error logic for login time out in sessions

The fix for AMAGENTS-2717 changes the error logic that caused 403s to be seen on agent/cdsso-redirect or agent/custom-login-response when a user is redirected to authenticate, but then stays on the authentication page for longer than the default of 5 minutes.

This error could occur when a user logged out, was redirected for authentication by the agent, and then reopened the same browser the next day. It could also occur in a similar use case on a mobile browser application.

Workarounds that were previously recommended, such as using non-default values for the following properties, are no longer necessary or advised:

  • Profile Attributes Cookie Maxage

  • Enable POST Data Preservation

  • POST Data Entries Cache Period

To prevent problems, remove such workarounds from your configuration. If you have not customized these properties, no change is required.