BUG FIXES:
- Fix issues with
pingfederate_authentication_policy_contract
pingfederate_oauth_client
plans being incorrect (#245)
BREAKING CHANGES:
- The provider is being migrated to the new Terraform Provider Framework and all resources will eventually be moved over.
- The following resources have been upgraded and contain breaking changes to their interface:
- pingfederate_authentication_policy_contract
- pingfederate_oauth_client
- See the upgrade guide on the registry for more detail upgrading each resource.
FEATURES:
- New Resource
pingfederate_application_session_policy
. (#232) - New Resource
pingfederate_authentication_session_policy
. (#232) - New Resource
pingfederate_session_settings
. (#232) - New Resource
pingfederate_global_authentication_session_policy
. (#232) - New Resource
pingfederate_redirect_validation_settings
. (#193) - Add support for
user_id_authenticated
withinAUTHN_SOURCE
policy actions. (#215) - Add support for
search_attributes
withldap_attribute_source
. (#233)
BUG FIXES:
- Fixed issue with empty configuration blocks. (#206)
- Fixed issue with empty issuance criteria blocks. (#213)
- Allowed empty
inbound_mapping
for policies. (#213) - Change
responder_url
to be optional due to API change in PF11.1 (#231)
FEATURES:
- Add support for
pingfederate_idp_token_processor
. (#160)
BREAKING CHANGES:
- Behaviour change for
pingfederate_idp_sp_connection
thews_trust.attribute_contract.core_attributes
is computed and can no longer be set. (#159)
BUG FIXES:
- Remove unnecessary retry on OAuth client creation. (#165)
- Fixed issue
incoming_proxy_settings
didn't run on 11+ . (#162) - Fixed issue
ws_trust
onpingfederate_idp_sp_connection
whenrequest_contract_ref
is not provided. (#158) - Ensure
logging_module
onpingfederate_idp_sp_connection
has a default (STANDARD
). (#159)
NOTES:
- Regression testing against 9.3.3 and 10.0.x has been removed as PingIdentity no longer provider working container images.
- Tested against newly released PingFederate 11.0
BUG FIXES:
- Authentication policy failed marshalling of
attribute_rules
in PingFederate API. (#148) - Change
ws_trust.request_contract_ref
onpingfederate_idp_sp_connection
to no longer be required. (#155)
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- Add support for
pingfederate_oauth_client_settings
(singleton). (#145) - Add support for
pingfederate_oauth_client_registration_policy
to support DCR settings. (#145) - Add support for
pingfederate_oauth_access_token_manager_settings
. (#143)
BUG FIXES:
- Authentication policy tree default enabled status regression has been fixed back to
true
. (#139)
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- Added more cross functional PingFederate version testing, 9.3 -> 10.3.
BUG FIXES:
- Don't set configuration default rows unless true (allows PF9.3 to work). (#135)
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- Add support for
pingfederate_certificates_revocation_settings
. (#130) - Add support for
pingfederate_pingone_connection
. (#115)
BUG FIXES:
- Fixed incorrect validation on AttributeContractFulfillment. (#129)
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- Add data source to return PingFederate version. (#116)
- Generated provider docs for all resources and data-sources. (#114)
- Added functional testing against PingFederate 10.3.x
BUG FIXES:
- Fixed issue with
pingfederate_idp_sp_connection
blockoutbound_provision
not correctly handlingsensitive_target_settings
. - Fixed issue with
pingfederate_idp_sp_connection
blocksp_browser_sso.attribute_contract.extended_attributes
ordering. (#117)
DEPRECATIONS:
- The
pingfederate_oauth_auth_server_settings
attributeapproved_scope_attribute
has been deprecated please useapproved_scopes_attribute
to correctly align with the Admin API. - The
pingfederate_oauth_openid_connect_policy
attributeinclude_user_in_id_token
has been deprecated please useinclude_user_info_in_id_token
to correctly align with the Admin API. - The
pingfederate_server_settings
blockroles_and_protocols
has been deprecated in PingFederate 10.1.
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- Add support for PAR oauth server settings. (#108)
- Add support configuring IDP Adapter
instance_id
. (#106)
BUG FIXES:
- Add missing field to oauth client
restrict_to_default_access_token_manager
. (#109) - Fix broken field to oauth server settings
admin_web_service_pcv_ref
. (#105)
NOTES:
- This is an early release experimental build for PingFederate 10.x
BREAKING CHANGES:
Attribute contracts for the following resources no longer require read-only core_attributes
and they can no longer be defined, this affects the following resources.
pingfederate_sp_adapter
pingfederate_oauth_openid_connect_policy
pingfederate_password_credential_validator
FEATURES:
- Add support for extended properties
pingfederate_extended_properties
. - Add support for incoming proxy settings
pingfederate_incoming_proxy_settings
(#85). - Add support for openid connect keypairs
pingfederate_keypairs_oauth_openid_connect
(#86). - Enhance oauth access token managers with support for
parent_ref
,access_control_settings
,selection_settings
andsession_validation_settings
(#99).
BUG FIXES:
- Fixed issue with openid connect policy core attributes not being computed. (#94)
NOTES:
- This is an early release experimental build for PingFederate 10.x
- Add ability to specify
default_row
for configuration table rows, the default value isfalse
, be sure to review any configuration blocks with rows before upgrading. - This main test version for the provider is now 10.2, the functional tests cover all versions of 10.x still.
FEATURES:
- Add custom data store resource/data sources. (#82)
- Add authentication policy fragment (PF10.2+). (#80)
- Add support for dynamic scopes (oauth_auth_server_settings). (#82) (Thanks to @mosersil for this contribution)
- Add support setting authentication policy contract id. (#81)
- Add support setting data stores id. (#89)
BUG FIXES:
- Add workaround for PingFederate bug with race conditions deleting authentication policy contracts and sp connections. (#91)
NOTES:
- This is an early release experimental build for PingFederate 10.x
- Some additional documentation cleanup. (#62)
- Added ability to handle certificate formatting differences for
idp_sp_connection
credentials -> certs -> x509_file
block.
FEATURES:
- Add jdbc/ldap data store data sources. (#71)
BUG FIXES:
- Add workaround for PingFederate bug with race conditions deleting data stores and sp connections. (#77)
- Fix crash with empty
contact_info
block onidp_sp_connection
. (#70 )
NOTES:
- This is an early release experimental build for PingFederate 10.x
BUG FIXES:
- Fix issue with imported keypairs and
key_size
fields. (#68)
NOTES:
- This is an early release experimental build for PingFederate 10.x
BUG FIXES:
- Fix
idp_sp_connections
credentials.certs to correctly compute thecert_view
block. - Add workaround for PingFederate bug with race conditions deleting data stores and sp connections. (#66)
- Add workaround for PingFederate bug with race conditions when managing
certificate_ca
. (#63)
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- New Resource:
pingfederate_oauth_resource_owner_credentials_mappings
(#55)
BUG FIXES:
- Ensure certain reference fields force new resource if changed.
plugin_descriptor_ref
onpingfederate_authentication_selector
,pingfederate_oauth_access_token_manager
,resource_pingfederate_idp_adapter
,resource_pingfederate_sp_adapter
andpingfederate_password_credential_validator
access_token_manager_ref
/context_ref
onresource_pingfederate_oauth_access_token_mappings
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- Add support for
darwin/arm64
release. (#52)
BUG FIXES:
- resource/pingfederate_authentication_policies: Increase depth of nested policies.
- resource/pingfederate_jdbc_data_store: Fix idempotency on
encrypted_password
field. (#51)
NOTES:
- This is an early release experimental build for PingFederate 10.x
BUG FIXES:
- Ensure OIDC Policy overrides for default delivery is correctly set.
NOTES:
- This is an early release experimental build for PingFederate 10.x
- Added documentation for the following resources:
pingfederate_authentication_api_application
pingfederate_authentication_selector
pingfederate_jdbc_data_store
pingfederate_ldap_data_store
pingfederate_oauth_openid_connect_policy
BUG FIXES:
- Fix #42
- Fix authentication selector not ForceNew when name or plugin changes.
- Add hostname tags for ldap_data_store.
- Fix oauth_access_token_mappings mishandling issuance_criteria
- Add retry on oauth client creation to handle flakey PF API.
- Add retry on oauth openid connect policy creation to handle flakey PF API.
NOTES:
- This is an early release experimental build for PingFederate 10.x
- The
bypass_external_validation
which several resources used has been migrated to provider level configuration. This is a breaking change as the attribute was removed from the following affected resources:resource_pingfederate_authentication_policies
resource_pingfederate_idp_adapter
resource_pingfederate_idp_sp_connection
resource_pingfederate_jdbc_data_store
resource_pingfederate_ldap_data_store
resource_pingfederate_oauth_access_token_mappings
resource_pingfederate_oauth_openid_connect_policy
resource_pingfederate_sp_authentication_policy_contract_mapping
resource_pingfederate_sp_idp_connection
BUG FIXES:
- Fix issues with importing several resources.
- Add configuration validation for the provider block for any initial connection issues.
NOTES:
- This is an early release experimental build for PingFederate 10.x
BUG FIXES:
- resource/pingfederate_authentication_selector: Fix handling of the attribute contract.
NOTES:
- This is an early release experimental build for PingFederate 10.x
BUG FIXES:
- resource/pingfederate_oauth_client: Was missing several configuration fields and didnt support
NONE
client auth types. - Fixed issue with root boolean values not being set to
false
on several resources - Changed descriptor validation logic to soft fail if the role isnt enabled (but could be as part of the apply).
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- New Resource:
pingfederate_authentication_api_application
- New Resource:
pingfederate_authentication_api_settings
- New Resource:
pingfederate_idp_sp_connection
- New Resource:
pingfederate_kerberos_realm
- New Resource:
pingfederate_keypair_signing
- New Resource:
pingfederate_sp_idp_connection
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- New Resource:
resource_pingfederate_certificates_ca
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- New Resource:
resource_pingfederate_notification_publisher
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- New Resource:
pingfederate_authentication_policies_settings
- New Resource:
pingfederate_authentication_policies
- New Resource:
pingfederate_server_settings
NOTES:
- This is an early release experimental build for PingFederate 10.x
FEATURES:
- New Resource:
pingfederate_authentication_policy_contract
- New Resource:
pingfederate_authentication_selector
- New Resource:
pingfederate_jdbc_data_store
- New Resource:
pingfederate_ldap_data_store
- New Resource:
pingfederate_idp_adapter
- New Resource:
pingfederate_oauth_auth_server_settings
- New Resource:
pingfederate_oauth_authentication_policy_contract_mapping
- New Resource:
pingfederate_oauth_client
- New Resource:
pingfederate_oauth_access_token_manager
- New Resource:
pingfederate_oauth_access_token_mappings
- New Resource:
pingfederate_oauth_openid_connect_policy
- New Resource:
pingfederate_sp_adapter
- New Resource:
pingfederate_sp_authentication_policy_contract_mapping
- New Resource:
pingfederate_password_credential_validator