Using mutual SSL and TLS authentication

In addition to Basic authentication, applications may use client-certificate authentication to communicate with PingFederate and the ReferenceID Adapter. To use this authentication for PingFederate 6.x and higher, the secondary SSL port must be configured, and application calls must use this port.

Your server may already be configured to use the secondary port for other back-channel SSO scenarios (for example, using SOAP). If not, follow this procedure:

  1. In the <pf-install>/pingfederate/bin directory, open the file run.properties and change the pf.secondary.https.port value from -1 to a valid port number.

    For more information about this property and related configuration settings, see PingFederate properties in the PingFederate Administrator’s Manual.

  2. Start or restart PingFederate.

Tags Capability > Single Sign On; Hosting Environment > On-Premises; Product > Adapters and Integration Kits; Product > Adapters and Integration Kits > Integration Kits