Configure and Deploy the Password Manager
Steps
-
Copy
gapps-password-manager.war
from thedist/gapps-password-manager
directory to either:<pf_install>/pingfederate/server/default/deploy/
Or the application-deployment directory in a different Web-servlet container of your choice.
-
In the directory
gapps-password-manager.war/WEB-INF/classes
, edit the filegapps-password-manager-config.props
, to provide valid client id, client secret, and oauth tokens for Google Apps.Follow the instructions in Obtain an application name, client ID, and secret section of this guide to obtain the client id and secret. Refer to Generate authorized OAuth 2.0 tokens for instructions on obtaining the token values.
You can use the
obfuscate.bat|sh
utility to mask the client secret, access token and refresh token value in the configuration file (recommended). The utility is located in the<pf-install>/pingfederate/bin
directory. Make sure to run the obfuscate utility with-l
flag.Example:
obfuscate.[bat|sh] -l <Value to be obfuscated>
As an option in this file, you may also change the default specifications (usable characters and length) for the randomly generated reset passwords that users will receive from the Password Manager.
-
Copy the
agent-config.txt
file, which was exported during the SP adapter, configuration, into the same directory. Learn more in SP Adapter Setup.../gapps-password-manager.war/WEB-INF/classes/
-
Start or restart PingFederate, or the servlet container in which the Manager is installed.