Apache Linux Integration Kit

Upgrading an existing deployment

If you’re upgrading from a previous version of the Apache Linux Integration Kit, modify your existing configuration files.

Steps

  1. Stop Apache.

  2. Download the Apache Linux Integration Kit .zip archive from the Add-ons tab of the PingFederate downloads page.

  3. From the .zip archive, copy apache-agent/lib/<your platform>/libopentoken.so to the Apache modules directory.

  4. Edit your existing mod_pf.conf file:

    1. Add the following if it doesn’t already exist.

      # Enables or disables the "http only" attribute of the cookie. Http only cookies
# inform the browser that the cookie shouldn't be accessible by client-side scripts.
# The default is set to "yes"

PingFederateCookieHttpOnly              yes

    2. Set the value to yes or no to suit your environment. Save the file.

  5. Edit your existing mod_pf.so file:

    1. Add the following if it doesn’t already exist.

      # (Required)
# The SameSite cookie attribute is set to this value. Set this to match the value of
# 'cookie-samesite-attribute' in the Agent configuration file (defined in
# PingFederateAgentConfigurationFile), if that is defined.
# The allowed values for this setting are: Strict, Lax, None, and Nothing
# The "Strict", "Lax", and "None" value changes the SameSite cookie attribute setting.
# The "Nothing" value leaves the SameSite cookie attribute unset in the OpenToken Session Cookie.
# For the "None" value, you must use secure attributes because cross-site cookies can only be
# accessed over HTTPS connections.
# If the cookie is not secure and the "None" value is selected, the SameSite cookie attribute
# will not be set.

PingFederateCookieSameSiteAttribute	Nothing

    2. Set the value to Strict, Lax, None, or Nothing to suit your environment. Save the file.

  6. Add the following if it doesn’t already exist.

    # (Optional)
# Enables or disables fragment preservation in requests.
# When set to "yes", preserves request fragment and redirects user back
# to the URI with fragment.
# To prevent sensitive data leakage, ensure that no sensitive information
# is present in a preserved fragment.
# The default is "no".
PingFederateEnableFragmentPreservation   no

# (Optional)
# The HTML template used to generate client side (JavaScript-based) redirects for
# fragment preservation. If not specified, a prebuilt template is used.
# Path could be an absolute or relative to the httpd.conf ServerRoot
# definition.

#PingFederateFragmentPreservationPageTemplateFile conf/fragment_preservation_request_template.html

  7. Start Apache.

  8. Update the OpenToken Adapter in PingFederate as shown in Updating the OpenToken Adapter.

  9. Reinstall the Apache Agent as shown in Apache Agent setup.