PingCentral

Configuring the OAuth client for PingCentral

Before you begin

Define a PingCentral-specific OAuth client. These steps explain how to configure PingFederate as the OpenID provider. See Configuring OAuth clients in the PingFederate Server guide for additional information.

Steps

  1. In PingFederate, go to Applications → OAuth → Clients.

  2. In the Client ID field, enter a unique identifier the client provides to the resource server (RS) to identify itself. This identifier is included with every request the client makes.

  3. In the Name field, enter a descriptive name for the client instance. This name appears when the user is prompted for authorization.

  4. In the Client Authentication field, select Client Secret, and manually enter a secret or click Generate Secret to have one created for you.

    You will also use this secret when you configure single sign-on (SSO) for PingCentral. See Configuring SSO for details.

  5. In the Redirection URIs field, enter this URI: https://<pc-host>:<pc-port>/login/oauth2/code/pingcentral.

  6. Locate the Allowed Grant Types field and select Authorization Code.

  7. Optional: If you want API access with bearer tokens, locate the Allowed Grant Types field and also select the Resource Owner Password Credentials option.

    PingCentral doesn’t support ID token encryption.

  8. From the Default Access Token Manager list, select your access token manager.

  9. In the OpenID Connect section, from the ID Token Signing Algorithm list, select RSA using SHA-256. From the Policy list, select your OIDC policy.

  10. Click Save.
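
The following is an added example, not part of the PingCentral or PingFederate documentation: a small Python check that compares an OAuth client definition against the settings in the steps above and reports any drift. The dictionary keys, host, port, and object names are assumptions made for illustration and do not reflect PingFederate's own export schema; grant types use the standard OAuth identifiers `authorization_code` and `password`.

```python
# Added example: lint an OAuth client definition against the steps above.
# The dict keys are hypothetical, not PingFederate's export schema.
REDIRECT_PATH = "/login/oauth2/code/pingcentral"  # from step 5

def check_client(client, pc_host, pc_port, api_access=False):
    """Return findings; an empty list means the client matches the procedure."""
    findings = []
    for key in ("client_id", "name", "access_token_manager", "oidc_policy"):
        if not client.get(key):
            findings.append(f"{key} is not set")
    if client.get("client_auth") != "client_secret":
        findings.append("client authentication is not Client Secret")

    # Step 5: exactly one redirection URI, matched as a full string.
    expected = f"https://{pc_host}:{pc_port}{REDIRECT_PATH}"
    uris = client.get("redirect_uris", [])
    if expected not in uris:
        findings.append(f"missing redirection URI {expected}")
    findings += [f"unexpected redirection URI {u}" for u in uris if u != expected]

    # Steps 6-7: Authorization Code always; password grant only for API access.
    grants = set(client.get("grant_types", []))
    wanted = {"authorization_code"} | ({"password"} if api_access else set())
    findings += [f"missing grant type {g}" for g in sorted(wanted - grants)]
    findings += [f"grant type not needed: {g}" for g in sorted(grants - wanted)]

    # Step 9: RS256 signing; PingCentral does not support ID token encryption.
    if client.get("id_token_signing_alg") != "RS256":
        findings.append("ID token signing algorithm is not RS256")
    if client.get("id_token_encryption_alg"):
        findings.append("ID token encryption is enabled")
    return findings

# Constructed sample definitions (host, port and names are placeholders).
GOOD = {
    "client_id": "pingcentral", "name": "PingCentral", "client_auth": "client_secret",
    "redirect_uris": ["https://pc.example.com:9022/login/oauth2/code/pingcentral"],
    "grant_types": ["authorization_code"],
    "access_token_manager": "example-atm", "oidc_policy": "example-policy",
    "id_token_signing_alg": "RS256",
}
BAD = dict(GOOD, redirect_uris=["https://pc.example.com:9022/*"],
           grant_types=["authorization_code", "password", "implicit"],
           id_token_signing_alg="none", id_token_encryption_alg="RSA-OAEP")

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_client(cfg, "pc.example.com", 9022) or "matches the procedure")
```

Pass `api_access=True` when step 7 applies, so the password grant is expected rather than flagged.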