a good thing!
Product Releases
PingAccess
Application owners can now use authentication challenge response policies in PingAccess to send custom responses to SPAs, removing the need to modify application code to accept standard responses. Furthermore, SPA resources which don’t correspond to an application resource (e.g. those with no URL path) can now be easily defined and protected in PingAccess.
With this beta release, customers can now view the details of a transaction before approval by including custom scopes in OIDC backchannel authentication requests. In addition, administrators can now more easily configure identity mappings with an option to add all attributes, as well as segregate admin accounts by using a separate token provider.
PingAccess agents can now send informational headers that can be included in PingAccess logs (version 6.0 or higher required). This ensures that administrators know the active agents deployed, their versions, hostnames, and the platforms where they reside. Improvements also include admins being able to send arbitrary strings, which can be logged for agent inventory purposes for better reporting.
Customers can now automatically import configurations on startup, and upgrade configurations on import. Further simplifying administration, resources can be defined using query parameters in addition to specific path parameters. Customers can also enhance security by using an integration with iovation Fraudforce to check device health before granting resource access, and by configuring PingAccess to validate certificates on Mutual TLS Connections.
PingAccess 6.0.3 is a cumulative maintenance release for PingAccess 6.0, which introduced several new features, including ACME certificate management, Amazon CloudHSM support, and a simplified upgrade process, along with several other enhancements.
To improve security, PingAccess can now authenticate to supported OIDC identity providers such as PingFederate and Microsoft Azure Active Directory using mutual TLS, and check the validity of certificates used when proxying a mutual TLS client connection to protected applications. Administration has been made easier with the relocation of key pair assignments for HTTPS listeners, as well as the logging of complete requests and responses for troubleshooting. Note: this is a beta release.
Increase security by automating the lifecycle of HTTPS certificates via Automated Certificate Management Environment (ACME) and storage of HTTPS and client private keys in an Hardware Security Module (HSM). Additionally, the new administrative UI is much faster, providing an even better admin experience in large deployments, and the upgrade process has been simplified allowing administrators to work more and wait less.
PingAccess 5.3.2 is a cumulative maintenance release which introduced several new features, including performance enhancements, logging improvements, simplified PingFederate configuration, and greater control over trusted certificate groups, along with several other enhancements.
PingAccess 5.3.1 is a cumulative maintenance release for PingAccess 5.3, which introduced several new features including performance enhancements, logging improvements, simplified configuration with PingFederate, and greater control over trusted certificate groups, along with several other enhancements.
A new rule type enabled by added support for the Client Initiated Backchannel Authentication (CIBA) standard allows PingAccess to perform one-time authorizations for defined high-risk transactions like a high-dollar transfer. Additionally, support for Proof Key for Code Exchange (PKCE) has been added to increase security by preventing interception attacks with a dynamic one-time cryptographically secure code and verification mechanism between PingAccess and the OpenID Provider (OP).
Performance and logging enhancements have been implemented to efficiently provide access security to thousands of applications, with customers able to monitor health for all of these resources with additional logging capabilities that include startup and response times. To further reduce administrative efforts, a new web session scope and JWT identity mapping exclusion lists have also been added in this release. In addition, the PingAccess Agent for Nginx Plus has been updated to support R18.
Organizations leveraging PingAccess for agent based protection of resources now have more configuration options. The PAAEnabled directive can now be used inside a directory or location container. Additionally, the ability to set policy caching mechanisms using a property in the agent.properties file has been added. Finally, functionality to enable or disable agent processing for requests based on a note field is now available. The following agents have each received these updates:
Organizations can now apply granular authorization policies for applications running on Apache for Windows (VC14+ 64-bit) with a new agent. WAM coexistence has also been made easier with Apache PingAccess agents able to run in conjunction with legacy WAM agents, with the flexibility to enable or disable agent processing as needed.
PingAccess 5.2.3 is a cumulative maintenance release for PingAccess 5.2.
PingAccess 5.2.2 is a cumulative maintenance release for PingAccess 5.2, which introduced several new features, including a customizable reserved application path, support for decrypting ID tokens, and support for PingOne for Customers as the token provider, along with several other enhancements. This maintenance release resolves several important issues to include fixes to the heartbeat endpoints, OIDC authentication delays, POST preservation problems along with other minor issues.
We expanded the platform support for PingAccess by releasing a new version of the NGINX Agent that supports both r16 and r17 of the NGINX Plus server. That new agent is available from the PingAccess Downloads site.
This beta release of PingAccess 5.3 adds customer-requested functions to help with the modernization of their Web Access Management solutions. This includes allowing administrators to view OIDC metadata that is available from the configured token provider.
PingAccess 5.2.1 is a cumulative maintenance release for PingAccess 5.2, which included improved PingFederate integration, improved support for local OAuth token validation, and enhanced support for groovy scripts. This release more tightly integrates PingAccess and PingFederate, which improves performance and exchange of data.
Ping is pleased to announce PingAccess Policy Migration 2.0, which adds tooling for the entire policy lifecycle - migration, testing, promotion, and monitoring - to improve enterprise migration from their legacy access systems.
Ping is pleased to announce PingAccess 5.2, which includes improved PingFederate integration, improved support for local OAuth token validation, and enhanced support for groovy scripts. This release more tightly integrates PingAccess and PingFederate, which improves performance and exchange of data. We also released PingAccess Policy Migration 1.1 that adds support for PingAccess 5.0+ features.
PingAccess 5.1.2 is our second cumulative maintenance release for PingAccess 5.1 and includes several fixes to connection handling. PingAccess 5.1 introduced several new features, including Custom OIDC Scopes, single-page application (SPA) Support, improved Redirect and Rejection handling, Unprotected Resources and Enhanced Path Matching patterns, along with several other enhancements. It's recommended that all customers upgrade to this release who are running PingAccess 5.1.1 or looking to upgrade from earlier versions.
PingAccess released an updated PingAccess Agent SDK for C, all new minor versions of the Apache and IIS agents to protect against a potential security vulnerability, and a new major version of the NGINX agent now supporting NGINX Plus R15. Ping Identity takes security very seriously and we recommend all PingAccess Agent SDK users update to the latest SDK and Agents.
See the agent release notes:
Ping Identity is pleased to announce the availability of the PingAccess 5.2 Beta, which includes improved PingFederate integration, improved support for local OAuth token validation, and enhanced support for groovy scripts. This release more tightly integrates PingAccess and PingFederate, which improves performance and exchange of data by adding an API endpoint, reducing backchannel communication, and enabling PingAccess to dynamically populate token generator IDs.
The new PingAccess Agent SDK for C and all of its agents were updated to protect against a potential security vulnerability. Ping Identity takes security very seriously and we recommend all PingAccess Agent SDK users update to the latest SDK and Agents.
See the agent release notes:
PingAccess Policy Migration 1.0.1 is a cumulative maintenance release for PingAccess Policy Migration 1.0 (PA PM), which was the first release of this product. The maintenance release introduces an upgrade utility and includes performance and security fixes. PA PM is designed to remove the burdensome and error-prone processes involved in manually migrating hundreds of policies from your legacy WAM system to PingAccess.
PingAccess 5.1.1 is a cumulative maintenance release for PingAccess 5.1, which introduced several new features, including Custom OIDC Scopes, single-page application (SPA) Support, improved Redirect and Rejection handling, Unprotected Resources and Enhanced Path Matching patterns, along with several other enhancements.
PingAccess Policy Migration (PA PM) is a new product that removes the burdensome and error-prone processes involved in manually migrating hundreds of policies from your legacy WAM system to PingAccess. PA PM allows you to maintain your existing network architecture with options to migrate to agent or proxy configurations. During migration, PA PM also enables you to review corresponding import and export values to ensure accuracy, as well as troubleshoot common mapping and export errors.
The newest PingAccess release makes it easier for customers to migrate from legacy WAMs and modernize their IAM environment by increasing flexibility to match existing deployment architectures and incorporate data from API-enabled systems like mobile device management solutions and threat detection systems to make better access decisions.
PingAccess 5.0.4 is a cumulative maintenance release for PingAccess 5.0, which introduced Ping Identity Cloud Automation Repo, Zero downtime upgrades, a new application type (Web +API), and several other enhancements. The 5.0.4 release includes several fixes to processing access and one security fix related to Agent caching. Ping Identity recommends customers upgrade to this release who are running PingAccess 5.0.3 or looking to upgrade from earlier versions.
The PingAccess 5.1 beta release increases flexibility to include certain URLs of an application which are not subject to access policy, authentication or session requirements. It also includes the ability to make REST API calls to external services. Furthermore, automated deployment of PingAccess in AWS is now available in seven new regions.
Contact customersuccess@pingidentity.com to join our beta user program.
PingAccess 5.0.3 is a cumulative maintenance release for PingAccess 5.0, which introduced several new features, including Ping Identity Cloud Automation Repo, Zero downtime upgrades, a new application type (Web +API), along with several other enhancements.
PingAccess 5.0.2 is a cumulative maintenance release for PingAccess 5.0, which introduced several new features, including Ping Identity Cloud Automation Repo, Zero downtime upgrades, a new application type (Web +API), along with several other enhancements.
For product updates prior to 2018, please visit our PingAccess Release Notes.
Developers can use this guide to take advantage of the features that we have recently made available to protect Single-Page Applications (SPAs). The Github posting includes explanations, containers using our DevOps tooling to stand up local instances of PingFederate and PingAccess, and a basic To-Do List SPA, which demonstrates an example of using identity information to secure a SPA.
Take the Next Step
See how Ping can help you stay ahead of the curve in a rapidly evolving digital world.
Thank you! Keep an eye on your inbox. We’ll be in touch soon.