PingCentral

Managing templates

Templates created in PingCentral are snapshots of the configurations for existing OAuth, OIDC, SAML, and PingAccess applications. If changes are made to those applications, the configurations on which the templates are based become outdated.

Add, update, and delete templates to meet your needs, or revert them to previous versions, as necessary.

You can create PingCentral templates from existing PingFederate or PingAccess applications or build your own.

OAuth and OIDC templates

Add, update, or delete OAuth and OpenID Connect (OIDC) templates to meet your needs, or revert them to previous versions, as necessary.

To add an OAuth or OIDC template, select a client configuration to replicate. PingCentral retrieves this configuration and saves it as a template, which serves as a building block for future applications.

Adding OAuth and OIDC templates

Steps

  1. All templates are listed on the Templates page. To add a new template, click Add Template.

  2. On the Integration Type page, select either an OAuth or OpenID Connect template. Click Next.

  3. On the Select OAuth Client or OIDC Client page, select the PingFederate environment that hosts the client application you want to use as a template, and then select the application itself from the Client list.

    If an environment is offline or if a PingCentral administrator has set the environment status to Disabled, you will be unable to select a disabled environment for template creation.

    You see details regarding the selected client.

    This example shows the information that displays when an OAuth client is selected.

  4. To see the JSON for the application, click Review Configuration.

  5. On the Name Template page, add a name and description for your template.

    This information will help application owners select the appropriate template.

  6. Select an icon to represent your template.

    The icon you choose is shown with the template name and description.

  7. Click Save and Close.

    You see the new template in the list of available application templates. Application owners will see the new template on the Select Template page.

    This example shows the Select Template screen, which lists the templates available for application owners to use.

    For OAuth or OIDC application templates, the following items are saved:

    • The client application

    • The ATM, if one exists

    • The parent ATM, if one exists

    • The OIDC policy, if one exists

    • Grant types

    • Definitions of exclusive scopes referenced by the client

Updating OAuth and OIDC templates

Steps

  1. To update an OAuth or OIDC template, click the Expand icon associated with the template.

  2. If the template is based on an outdated configuration, you can click the Sync button to sync the template with the latest configuration available.

    When you upgrade to PingCentral 2.0, OAuth and OIDC templates created prior to version 2.0 cannot be synced with the most recent configuration available. Recreate the template in version 2.0 to use the sync feature going forward.

  3. Click the Pencil icon to make additional changes.

    All the editable information is on one page.

    Option Description

    To update the name, description, or icon:

    Update the information in the Name and Description fields or select a new icon to represent the template.

    To update grant types:

    To update the grant types used for authorization, select or deselect the grant types that you want to use for this template.

    For details, see Grant Types in the PingFederate Server guide.

    Some grant types might not be available with your version of PingFederate.

    To update scopes:

    To add or update scopes, search for them and select or deselect the scopes that you want to use for this template.

    For details, see Scopes in the PingFederate Server guide.

    To update policy contracts:

    Add, delete, or update the current attribute mappings in the PingFederate policy contract associated with this template.

    For details, see Attribute contracts in the PingFederate Server guide.

    If you update a policy contract, a new contract is created in PingFederate, and you will be prompted to name it.

    If a template is associated with an environment that is deleted, you will not be able to update OIDC policy information for the template.

  4. Click Save.

    If you update the grant types, scopes, or policy contract information, the Save Template window displays and reminds you that you are creating a new version of this template. Applications created from the previous template will not change until you update the application to the latest template version. Briefly describe the updates you made to the template in the Comments field for tracking purposes and click Save.

Reverting templates to previous versions

The history of each template is available to review and compare with previous versions. You can see which administrator modified the template configuration or policy contract, when it was modified, and details regarding these modifications. You can revert templates to previous versions if necessary.

Steps

  1. To review the template history, click the Expand icon associated with the template, and then click the History tab.

  2. Click the Details link associated with each template version to see its configuration.

  3. Click the Diff with Current Version toggle to see the differences between this version and the most recent version.

  4. To restore this version as the current version, click Restore This Version.

    A new version of the template is created that matches the configuration of the version that you want to restore.

    The template revision numbers increment on a system-wide level, not on a per-template basis. So the first time any template in PingCentral is changed, it will have a revision of 1. A change made to a completely different template results in a revision of 6, and so forth. Reverting a template generates another revision, which again increments on a system-wide basis.

Deleting templates

Steps

  1. Click the expandable icon associated with the template to view template details.

  2. To delete the template from PingCentral, click its associated Delete icon.

    You cannot delete templates that are still associated with applications.
    Result:

    A message opens, asking you if you want to delete the template.

  3. Click Delete.

    A message opens, saying that the template was deleted.

SAML 2.0 and PingAccess templates

Add, update, or delete SAML and PingAccess templates to meet your needs, or revert them to previous versions, as necessary.

To add a SAML or PingAccess template, select a configuration to replicate. PingCentral retrieves this configuration and saves it as a template, which serves as a building block for future applications.

Adding SAML application templates

Steps

  1. All templates are listed on the Templates page. To add a new template, click Add Template.

  2. On the Integration Type page, select SAML. Click Next.

  3. On the Select SAML Connection page, select the PingFederate environment that hosts the connection you want to use as a template, and then select the connection from the Connection list.

    If an environment is offline or if a PingCentral administrator has set the environment status to Disabled, you will be unable to select a disabled environment for template creation.

    Details regarding the connection display.

    This example shows the information that displays when a SAML connection is selected.

  4. To see the JSON for the SAML connection, click Review Configuration.

  5. On the Name Template page, add a name and description for your template.

    This information will help application owners select the appropriate template.

  6. Select an icon to represent your template.

    The icon you choose is shown with the template name and description.

  7. Optional: If multiple authentication policy contracts exist in the underlying connection, choose the desired contract from the Authentication Policy Contracts list.

  8. Click Save and Close.

    You see the new template in the list of available application templates. Application owners see the new template on the Select Template page.

    This example shows the Select Template screen, which lists the templates available for application owners to use.

    For SAML SP connection templates, the following items are saved:

    • Connection information.

    • Attribute names and, if applicable, attribute sources defined in the associated authentication policy contract.

Updating SAML and PingAccess templates

Applications based on outdated templates have Outdated Template icons associated with them, which inform application owners of changes.

Steps

  1. To update a SAML or PingAccess template, click the Expand icon associated with the template.

  2. If the template is based on an outdated configuration, you can click the Sync button to sync the template with the latest configuration available.

  3. Click the Pencil icon.

    All the editable information is on one page.

  4. Update the information in the Name and Description fields or select a new icon to represent the template.

  5. Click Save.

Reverting templates to previous versions

The history of each template is available to review and compare with previous versions. You can see which administrator modified the template configuration or policy contract, when it was modified, and details regarding these modifications. You can revert templates to previous versions if necessary.

Steps

  1. To review the template history, click the Expand icon associated with the template, and then click the History tab.

  2. Click the Details link associated with each template version to see its configuration.

  3. To restore this version as the current version, click Restore This Version.

    A new version of the template is created that matches the configuration of the version that you want to restore.

    The template revision numbers increment on a system-wide level, not on a per-template basis. So the first time any template in PingCentral is changed, it will have a revision of 1. A change made to a completely different template results in a revision of 6, and so forth. Reverting a template generates another revision, which again increments on a system-wide basis.

Deleting templates

Steps

  1. Click the expandable icon associated with the template to view template details.

  2. To delete the template from PingCentral, click its associated Delete icon.

    You cannot delete templates that are still associated with applications.
    Result:

    A message opens, asking you if you want to delete the template.

  3. Click Delete.

    A message opens, saying that the template was deleted.