Mapping Transient Identifier to Local User with Passwordfetch Class: This enhancement enables you to map a federated user with transient name identifier to a local user using the matching attribute. A new password fetch class extension has been added that can be executed as a post-authentication method after a successful transient federation. You can configure this method to match the transient user to local user based on the attribute values received in the authorized assertion.

Falling Back to the Name/Password Form Authentication when Kerberos Authentication Fails: This enhancement enables you to configure the clients accessing the kerberos authentication to use the Name/Password form authentication based on the IP address configured.

Configuring the Fall Back Authentication Class: You can configure the kerberos authentication to fall back to any custom authentication class instead of always falling back to the Name/Password authentication. You can also configure to skip the kerberos authentication for certain clients.