Configuring compatible PingAccess agents to use bearer token authentication
About this task
Complete this procedure to configure version 3.0 of the PingAccess agent for Apache (RHEL or SLES), IIS, or NGINX to use bearer token authentication.
Steps
- In the PingAccess admin console, go to Applications > Agents and open the agent configuration that you want to update.
- To prompt PingAccess to add the private key into the agent.properties file, select the Require Token Authentication checkbox.

  If you clear this checkbox later, you don't need to generate a new agent.properties file to update the shared secret. The PingAccess agent will continue to use both the shared secret and the private key from the active agent.properties file if you haven't removed them from the file.
- Download a new agent.properties file for the agent as shown in Adding agents.

  In PingAccess 8.2 and later, the PingAccess server generates a public key and private key in addition to the shared secret. You can find the public key on this page, identified with a timestamp. The updated agent.properties file contains the expected private key.

  To rotate keys, generate a new agent.properties file, then remove the old file and public key.
- Configure the agent with the updated agent.properties file.

  When the private key is present in the agent.properties file, the agent generates a unique JWT for authentication with every request to the PingAccess server. The JWT expires after 2 minutes, so you must ensure that the clocks on the agent and the PingAccess server are synchronized.
- Repeat steps 1 - 5 for all configured agents.
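The clock requirement in the last configuration step can be checked before switching an agent to token authentication. The following is an added example, not part of the PingAccess documentation or product: it estimates the agent host's offset from the server using the HTTP Date header of a server response and compares it with the 2-minute token lifetime. The function names, the 30-second warning threshold, and the sample values are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

TOKEN_LIFETIME_S = 120  # JWT lifetime stated on this page (2 minutes)
WARN_DRIFT_S = 30       # assumed alerting threshold, not a PingAccess value


def clock_offset_s(server_date_header: str, agent_now: datetime) -> float:
    """Agent clock minus server clock in seconds (negative: agent is behind).

    The HTTP Date header has one-second resolution and includes network
    delay, so treat the result as an estimate.
    """
    server_now = parsedate_to_datetime(server_date_header)
    return (agent_now - server_now).total_seconds()


def assess(offset_s: float) -> str:
    """Classify an offset against the token lifetime."""
    # A token stamped by the agent expires at agent_now + lifetime. Measured
    # on the server's clock it has lifetime + offset seconds left on arrival.
    remaining = TOKEN_LIFETIME_S + offset_s
    if remaining <= 0:
        return "expired-on-arrival"
    # Large drift in either direction is flagged: it erodes the validity
    # window, and this page does not say how the server treats a token
    # whose issue time lies ahead of the server's clock.
    if abs(offset_s) > WARN_DRIFT_S:
        return "drift-warning"
    return "ok"


if __name__ == "__main__":
    # Constructed sample values: a Date header as a server might return it
    # and three readings of the agent host's clock.
    header = "Tue, 04 Mar 2025 10:15:30 GMT"
    readings = [
        datetime(2025, 3, 4, 10, 15, 28, tzinfo=timezone.utc),  # 2 s behind
        datetime(2025, 3, 4, 10, 16, 15, tzinfo=timezone.utc),  # 45 s ahead
        datetime(2025, 3, 4, 10, 13, 20, tzinfo=timezone.utc),  # 130 s behind
    ]
    for agent_now in readings:
        offset = clock_offset_s(header, agent_now)
        print(f"offset={offset:+.0f}s -> {assess(offset)}")
```

To use it against a live deployment, pass the Date header from any response the agent host receives from the PingAccess server together with `datetime.now(timezone.utc)`.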