Certificate authentication configuration

Configuring Certificate Authentication between the client application and the ReferenceID Adapter requires the following steps:

  1. Store the client SSL private certificate file (sampleClientSSLCert.p12) in the file system and set the CLIENT_KEY_FILE_PATH constant in the configuration.jsp file to its location. If the public certificate is not self-signed, additional public certificates may be needed to complete the trust chain.

    Import the public certificate into the PingFederate Trusted CAs list using the administrative console, along with any supporting certificates.

  2. Store the PingFederate server's public X.509 SSL certificate file (pfserverSSLCert.crt) in the file system and point the SERVER_CERTIFICATE_PATH constant in the configuration.jsp file to it.

  3. Enable PingFederate to use a secondary SSL port. In the run.properties file, set the pf.secondary.https.port property to the appropriate port, for example 9032. The default value is -1.

    Set the port in the Samples configuration.jsp to the same value.

  4. Modify the Samples configuration.jsp constants PF_SECONDARY_SSL_PORT and CLIENT_KEY_FILE_PATH.

    Set CLIENT_KEY_FILE_PASSWORD and SERVER_CERTIFICATE_PATH appropriately and set CERTIFICATE_AUTHENTICATION to True.

    Set the constant SKIP_HOSTNAME_VERIFICATION to True if the hostname in the URL does not match the hostname the server identifies itself with, and you want to accept all hostnames.

  5. Configure the ReferenceID Adapter to require a certificate by specifying the allowed subject and/or issuer DN using the administrative console.
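
The files from steps 1 to 4 can be checked before the sample application is started. The following is an added example, not part of the Samples or of PingFederate: it loads the client .p12 and the server certificate, prints the client subject and issuer DN needed for step 5, and performs a TLS handshake against the secondary port with hostname verification left on. The class name, the argument order and the assumption that the .p12 holds a single entry are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class). Arguments: host, secondary port, client .p12 path,
// .p12 password, server certificate path, i.e. the values configured in steps 1-4.
public class MutualTlsPreflight {
    public static void main(String[] args) throws Exception {
        char[] password = args[3].toCharArray();

        // Client identity: the PKCS#12 file behind CLIENT_KEY_FILE_PATH.
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[2])) {
            clientStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, password);
        // Subject and issuer DN to allow in the adapter (assumes a single-entry .p12).
        X509Certificate client = (X509Certificate) clientStore.getCertificate(clientStore.aliases().nextElement());
        System.out.println("Client subject: " + client.getSubjectX500Principal().getName());
        System.out.println("Client issuer:  " + client.getIssuerX500Principal().getName());

        // Trust only the certificate behind SERVER_CERTIFICATE_PATH.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        try (InputStream in = new FileInputStream(args[4])) {
            trustStore.setCertificateEntry("pf-server", CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            // Keep hostname verification on; a raw SSLSocket skips it unless asked.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws SSLHandshakeException on a trust or hostname failure
            System.out.println("Handshake OK with " + socket.getSession().getPeerPrincipal().getName());
        }
    }
}
```

A successful handshake shows that the server certificate is trusted and matches the hostname, so SKIP_HOSTNAME_VERIFICATION is not needed. The subject and issuer DN check from step 5 is applied by PingFederate, not by this program.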
