PingCentral

Promotion processes

PingCentral makes it possible for application owners to promote their OAuth, OpenID Connect (OIDC), SAML, and PingAccess applications to development environments themselves.

After applying the templates to their applications, application owners enter information about their target environments into PingCentral and promote their applications to the designated environment.

The templates contain the raw JSON from the model applications on which the templates were based. Although PingCentral saves this information, it doesn’t modify it. Instead, the saved JSON is used as a starting point for creating new applications and is modified only in memory with the environment-specific information during the promotion process.

After an application is promoted, you can revert them to previously promoted versions. The reverted version of the application won’t exist outside of PingCentral until it’s promoted again, at which point it’s also available in PingFederate or PingAccess. For details, see Reverting applications to previously promoted versions.

OAuth and OIDC application promotions

When promoting OAuth and OpenID Connect (OIDC) applications, application owners provide this information:

  • Redirect URIs: The trusted location that the application is redirected to with the authorization code or access token after the OAuth flow is complete. Redirect URIs are only required when promoting applications that use an authorization code and implicit grant types.

  • Client secret: Used if a client secret is required to authenticate the application. Application owners can generate a client secret or create one of their own.

To learn more about this process, see Promoting OAuth and OIDC applications in the PingCentral for Application Owners guide.

During the promotion process, the application name and description remains the same. If PingCentral identifies an identical client in PingFederate, the application JSON, along with the information that the application owner provides, overwrites the PingFederate OAuth client within the target environment. If the client doesn’t already exist, PingCentral creates all of the items defined in the application JSON, along with the information that the application owner provided.

If the Allow JSON editing for application promotions option is enabled for the environment, application owners are able to edit the underlying application JSON when they promote their OAuth client applications.

If OAuth clients have ATMs, OIDC policies, or scopes that conflict with the target environment during the promotion process, PingCentral does not change them because they could be shared across clients. Otherwise, PingCentral adds the ATMs, OIDC policies, and scopes specified in the original JSON file. If scopes are added, they’re defined as exclusive scopes and are associated with the client upon promotion.

While PingCentral does not promote the policy contract to persistent grant mappings, it promotes all access token mappings associated with the client, which are determined by the access token managers associated with the client. Only access token mappings that use the default, client credentials, or authentication policy contract contexts will be promoted.

Reverting applications to previously promoted versions

When you revert applications to previously promoted versions, the reverted versions of the application will not exist outside of PingCentral until you promote them again, at which point they will also be available in PingFederate or PingAccess.

Steps

  1. On the Applications page, locate the application you want to revert to a previously promoted version.

    You cannot revert applications created in previous versions of PingCentral.

  2. Click the expandable icon associated with the application, select the Promote tab, and then click View Details.

  3. In the Promotion Details window, click Revert Application.

    Result:

    A message displays asking you if you are sure you want to revert this application.

  4. Click Revert.

    Result:

    The reverted version of the application displays in your applications list.

    Reverting OAuth and OIDC applications to previously promoted versions overrides client secrets, so you will need to create or generate new secrets before you promote them again. Reverting SAML applications to previously promoted versions overrides the Entity IDs, ACS URLs, and certificates, so you might need to update this information before you promote them again.