Changelog

Added support for:

Fixed an issue that could cause errors with specific string lengths for the cookie name.

Reimplemented fragment preservation with a new approach.

Added support for:

Ended support for:

Updated OpenSSL version to 1.1.1 for Red Hat Enterprise Linux 7.

Improved redirect handling. When users are redirected back from PingFederate after a flow, the Apache Linux Integration Kit agent can now preserve fragments in the URI, such as #MyHomePage. You can enable this behavior with the PingFederateEnableFragmentPreservation setting in the mod_pf.conf file.

Improved the way the adapter handles browser cookie attributes and expired cookies.

Removed the OpenToken Adapter from the .zip archive. The latest version is available in the Java Integration Kit. Learn more in Updating the OpenToken Adapter.

Changed to a standardized .zip file structure to make automated deployments easier.

Fixed an issue that could insert bad characters into legacy cookie names.

Added support for the SameSite cookie flag in web browsers.

Added the ability to read cookie HTTP request header case insensitively.

Removed module info from the Server HTTP response header.

Added support for the Amazon Web Services Application Load Balancer.

Fixed a URL encoding issue with special characters.

Removed support for Red Hat Enterprise Linux 5.

Improved query parameter encoding.

Improved cookie name parsing.

Fixed an issue with retrieving the session token.

Added the ability to encode query parameters.

Added the ability to disable virtual hosts by port value.

Added support for Ubuntu 16.10.

Added support for the HttpOnly flag on cookies. HttpOnly prevents the cookie from being intercepted or manipulated. This mitigates a significant portion of vulnerabilities, such as cross-site scripting (XSS), to which the cookie would otherwise be susceptible. This ensures the Apache agent’s behavior and security considerations are consistent with behavior for other adapters and agents. You can control this behavior with the PingFederateCookieHttpOnly setting in the mod_pf.conf file.

Bug fixes.

Added support for Oracle HTTP Server.

Added support for Apache 2.2 on Red Hat Enterprise Linux 5.0 (64-bit).

Optimized OpenToken lookup.

Fixed a security vulnerability.

Added Apache 2.4 support for Red Hat Enterprise Linux 7.0 and Ubuntu 14.04.

Fixed an issue that caused the Apache agent to handle directories containing spaces improperly.

Added support for Red Hat Enterprise Linux 6.5.

Added the ability to specify custom virtual host configurations.

Added the ability to expose OpenToken attributes for unprotected resources in the mod_pf.conf file.

Added the ability to use Allow/Deny directives in combination with Satisfy Any to achieve IP allow or deny directives.

Added support for Apache Server 2.4.

Added support for:

Fixed a security vulnerability.

Added support for the OpenToken 2.5.1 adapter and agent.

Added the ability to disable the Apache agent for specific virtual hosts in the mod_pf.conf file.

Added the ability to specify the Cache-Control HTTP header value in the mod_pf.conf file.

Added support for passing multivalued attributes through the HTTP headers.

Fixed an issue that caused automatic escaping of single and double quotes in attribute values. These are exposed to the application through the HTTP headers and server variables.

Fixed an issue that caused the Apache agent to truncate POST data.

Added a start page and error page for the Apache agent. Learn more in Download manifest.

Added support for the default RHEL OpenSSL installation.

Fixed an issue that caused Application Schemes, Hosts, and Port options to fail to work with the OpenToken when sent as a query parameter.

Fixed an issue that caused the Apache agent to fail to check the POST and query values, then the cookie for a valid OpenToken.

Added support for:

Added richer support for single logout.

Added the ability to use an alternative method to set session attributes as HTTP headers or environment variables without a prefix.

Removed deprecated functionality that wasn’t specific to PingFederate to simplify the Apache module.

Added the ability to expose attributes as HTTP request headers.

Added the ability to log the SAML subject in the Apache access_log.

Updated the OpenToken library to support password obfuscation.

Updated the OpenToken library to support the POST transport method.

Fixed an issue that required Cancel URLs to be contained in a protected resource.

Fixed an issue that caused the cookie domain to be validated against the agent configuration file if query or POST is used as the initial transport method.

Added support for dynamic TargetResource.

Removed items that aren’t necessary for the PingFederate implementation to simplify the configuration.

Added the ability for filters to use the full request URL, including query parameters, to determine whether to protect a resource.

Fixed an issue that caused the module to fail to start up if the transport mode was set to Query Parameter in the OpenToken adapter setup. The OpenToken session now uses the cookie-domain property out of the mod_plaa.conf file instead of the mod_pf.conf file.

The Apache Linux Integration Kit now ships with OpenToken 2.2.2. OpenToken 2.2.2 fixed an issue that appended a question mark (?) to the target resource URL, which Apache couldn’t process.

Initial release.