PingAccess

Configuring a standard PingFederate runtime

About this task

Configure a secure connection to the PingFederate runtime in PingAccess:

Steps

  1. Click Settings and then go to System → Token Provider → PingFederate → Runtime.

  2. Select Standard Token Provider.

  3. In the Issuer field, enter the PingFederate issuer name.

  4. Optional: In the Descriptions field, enter a description for the PingFederate instance.

  5. In the Trusted Certificate Group list, select the certificate group that the PingFederate certificate is in.

  6. To configure advanced settings, click Show Advanced.

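    1. If host name verification for secure connections isn’t required for either the runtime or the backchannel servers, select the Skip Hostname Verification check box.

      With host name verification skipped, the certificate that PingFederate presents is still checked against the trusted certificate group, but not against the host name that PingAccess connects to.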

    2. To use a configured proxy for backchannel requests, select the Use Proxy check box.

      If the node is not configured with a proxy, requests are made directly to PingFederate.

      For more information about creating proxies, see Adding proxies.

    3. Select Use Single-Logout to enable single logout (SLO) when the /pa/oidc/logout endpoint is accessed to clear the cookie containing the PingAccess token.

      If you select this option, PingAccess sends a sign off request to PingFederate, which completes a full SLO flow.

      To use this feature, SLO must be configured on the OpenID Provider (OP).

    4. Enter the STS Token Exchange Endpoint to be used for token mediation if it’s different from the default value of <issuer>/pf/sts.wst.

  7. Click Save.

    Saving a new PingFederate runtime configuration overwrites any existing PingFederate runtime configuration.
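The following review check for the values entered in the steps above is an added example, not part of the PingAccess product or its documentation. The dictionary keys are hypothetical names that mirror the form fields (they are not a PingAccess API), the issuer is assumed to be an https base URL, and both sample configurations are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_STS_PATH = "/pf/sts.wst"  # default suffix named on the page: <issuer>/pf/sts.wst

def default_sts_endpoint(issuer):
    return issuer.rstrip("/") + DEFAULT_STS_PATH

def review_runtime_settings(cfg):
    """Return (severity, message) findings for a planned runtime configuration.
    Keys are hypothetical names mirroring the form fields, not a product API."""
    findings = []
    issuer = urlsplit(cfg.get("issuer", ""))
    if issuer.scheme != "https" or not issuer.hostname:
        findings.append(("high", "issuer is not an https URL with a host name"))
    if not cfg.get("trusted_certificate_group"):
        findings.append(("high", "no trusted certificate group selected"))
    if cfg.get("skip_hostname_verification"):
        findings.append(("high", "hostname verification skipped: any certificate that "
                         "chains to the trusted group is accepted, whatever host it names"))
    sts = cfg.get("sts_token_exchange_endpoint")
    if sts and sts.rstrip("/") != default_sts_endpoint(cfg.get("issuer", "")):
        target = urlsplit(sts)
        if target.scheme != "https":
            findings.append(("high", "STS token exchange endpoint is not https"))
        if target.hostname != issuer.hostname:
            findings.append(("medium", "STS endpoint host differs from the issuer "
                             "host; confirm its certificate is in the trusted group"))
    if cfg.get("use_single_logout") and not cfg.get("slo_configured_on_op"):
        findings.append(("medium", "Use Single-Logout selected, but SLO is not "
                         "confirmed as configured on the OP"))
    return findings

# Constructed sample inputs (not taken from any real deployment).
WEAK = {
    "issuer": "http://pf.example.com:9031", "trusted_certificate_group": "",
    "skip_hostname_verification": True, "use_single_logout": True,
    "sts_token_exchange_endpoint": "http://sts.example.net/pf/sts.wst",
}
HARDENED = {
    "issuer": "https://pf.example.com:9031",
    "trusted_certificate_group": "PingFederate CA group",
    "skip_hostname_verification": False, "use_single_logout": True,
    "slo_configured_on_op": True,
    "sts_token_exchange_endpoint": "https://pf.example.com:9031/pf/sts.wst",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review_runtime_settings(cfg))
```

An STS endpoint equal to `<issuer>/pf/sts.wst` produces no finding, because that is the default and the field only needs a value when the endpoint differs.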

Result

After you save the PingFederate runtime connection, PingAccess tests the connection to PingFederate. If the connection can’t be made, a warning displays in the admin console, and the PingFederate runtime won’t save.

Next steps

After you save this configuration and perform the steps in Configuring OAuth resource servers, a PingFederate access validator is available for selection when you define OAuth-type rules in the policy manager.

After you configure the token provider, click View Metadata to display the metadata provided by the token provider. To update the metadata, click Refresh Metadata.