Configuring a PingAccess application
Perform the following steps to configure PingAccess applications.
Before you begin
-
Install PingAccess and verify that you can access the administrative console. For information on installing PingAccess, see Installing and Uninstalling PingAccess.
Change the default credential set on first usage. The default credentials for your PingAccess installation are:
Username: Administrator Password: 2Access
-
Configure an application in PingOne.
-
Configure PingAccess to use PingOne as the token provider.
About this task
For each application that you want to configure:
Steps
-
Create a virtual host.
For more information on creating a virtual host, see Creating new virtual hosts.
-
Click Applications and then go to Applications → Virtual Hosts.
-
Click Add Virtual Host.
-
In the Host filed, enter a name for the virtual host.
For example: myHost.com. You can use a wildcard (
*
) to indicate that any host name is acceptable. A wildcard host can also be specified, such as*.example.com
. -
In the Port field, enter the port number for the virtual host.
For example:
1234
. -
In the Agent Resource Cache TTL (s) field, indicate the number of seconds the agent can cache resources for this application.
Only applies to a destination of type
Agent
. -
Click Save.
-
-
Create a web session.
For more information on creating a web session, see Creating web sessions.
A web session is only used when protecting a web application. To protect APIs, configure an access token validator.
-
Click Access and then go to Web Sessions → Web Sessions.
-
Click Add Web Session.
-
In the Name field, enter a name for the web session.
-
From the Cookie Type list, select your cookie type, either Signed JWT or Encrypted JWT.
-
In the Audience field, enter a unique value.
-
In the Client ID field, enter the PingOne client ID.
You can find the Client ID on the Profile tab of the application you created.
-
From the Client Credentials Type list, select Secret.
-
In the Client Secret field, enter the client secret found on the application’s Configuration tab.
-
Click Show Advanced.
-
In the Scopes section, specify one or more scopes.
Ensure the scopes you specify match those configured for the PingOne application. Find the scopes on the Access tab of your PingOne application.
-
Click Save.
-
-
Create a site.
For more information on creating a site, see Adding sites.
In some configurations, a site might contain more than one application. A site can be used with more than one application, where appropriate.
-
Click Applications and then go to Sites → Sites.
-
Click Add Site.
-
Specify a Name for the site.
-
Enter the site Target.
The target is the
hostname:port
pair for the server hosting the application. Do not enter the path for the application in this field. For example, an application at https://mysite:9999/AppName has a target value ofmysite:9999
. -
From the Secure list, select whether or not the target is expecting secure connections.
-
If the target is expecting secure connections, from the Trusted Certificate Group list, select Trust Any.
-
Click Save.
-
-
Create an application in PingAccess for each application that you want to protect.
For more information on creating an application, see Adding an application.
-
Click Applications and then go to Applications → Applications.
-
Click Add Application.
-
In the Name field, enter a name for the application.
-
In the Description field, optionally enter a description for the application.
-
In the Context Root field, specify the context root for the application.
For example, an application at https://mysite:9999/AppName has a context root of
/AppName
. If the application is on the root of the server, you can set the context root as/
. The context root must begin with a slash (/), must not end with a slash (/), and can be more than one layer deep, for example,/Apps/MyApp
. -
From the Virtual Host list, select the virtual host you created.
The combination of virtual host and context root must be unique in PingAccess.
-
From the Application Type list, select Web.
-
From the Web Session list, select the web session you created.
-
From the Site list, select the site you created that contains the application.
-
Select the Enabled check box to enable the site when you save.
-
Click Save.
-