IdP user-facing pages

PingFederate has a variety of customizable user-facing page templates that apply to identity provider (IdP) pages. The templates are organized by HTML Form Adapter, Kerberos Adapter, single sign-on (SSO), single logout (SLO), WS-Federation, and OpenID Connect (OIDC).

HTML Form Adapter

Page title and template file name	Purpose	Type	Action
Sign On or Choose an Account identifier.first.template.html	Prompts a user to provide their username when an Identifier First Adapter instance is invoked to handle a sign-on request.	Normal	User input required
Sign On html.form.login.template.html	Displays a customizable user sign-on form when an HTML Form Adapter instance is invoked to handle a sign-on request. If the invoked HTML Form Adapter instance is associated with a local identity profile configured to support authentication via third-party identity providers, the sign-on page will display those identity providers. This is a core HTML template.	Normal	User input required
Change Password html.form.change.password.template.html	Displayed when a user attempts to change their password through the HTML Form Adapter.	Normal	User input required
Change Password html.form.message.template.html	Displayed when a user successfully changes their password. This is a core HTML template.	Normal	User input required
Password Expiring html.form.password.expiring.notification.template.html	Displayed to warn an authenticated user that the password associated with the account is about to expire. This is a core HTML template.	Normal	User input required
Password Management System Message html.form.message.template.html	Displayed when a user is redirected to a password management system to change their password. This is a core HTML template.	Normal	User input required
Account Recovery forgot-password.html	Displayed when a user attempts to reset their password through the HTML Form Adapter. If the user enters a username in the sign-on form, the username carries over to this form. Otherwise, the user must enter their username to begin the self-service password reset process.	Normal	User input required
Account Recovery forgot-password-resume.html	Displayed to prompt a user to enter the one-time password sent through a notification or to notify a user to refer to the notification for password reset instructions. This template is applicable when the password reset type is Email One-Time Link, Email One-Time Password, or Text Message for the invoked HTML Form Adapter instance.	Normal	User input required
Reset Your Password forgot-password-change.html	Displayed to prompt a user to define a new password.	Normal	User input required
Account Recovery forgot-password-success.html	Displayed when a user successfully resets their password.	Normal	User input required
Account Recovery forgot-password-error.html	Displayed when a password reset attempt fails.	Error	None
Unlock Your Account account-unlock.html	Displayed when a user successfully unlocks their account through the HTML Form Adapter. This page also prompts the user to retain the current password, or reset it.	Normal	User input required
Security Question html.form.login.challenge.template.html	Displays a configurable challenge form for two-step authentication. For example, this template can be used to create a RADIUS challenge form when using the RADIUS Username/Password Credential Validator. This is a core HTML template.	Normal	User input required
User Consent consent-form-template.html	Displayed when a request requires a user’s consent for an SSO to an SP.	Normal	User input required
Logout Confirmation idp.slo.confirm.page.template.html	Displayed when a user initiates a logout request. Applicable only if such confirmation is required, as configured on the Authentication → Integration → IdP Default URL window.	Normal	User input required
Sign Off idp.logout.success.page.template.html	Displayed when a user successfully signs off in a configuration where the Logout Path field is configured but the Logout Redirect field is not.	Normal	None
Create Your Account local.identity.registration.html	Displays a configurable challenge form for two-step authentication.Displayed when a user requests to register for a local account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service registration.	Normal	User input required
Manage Your Profile local.identity.profile.html	Displayed when an authenticated user accesses the profile management endpoint. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service profile management.	Normal	User input required
Email Verification local.identity.email.verification.sent.html	Displays a notification that an email ownership verification message has been sent when an authenticated user accesses the email ownership verification endpoint. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts.	Normal	None
Email Verified local.identity.email.verification.success.html	Displays a confirmation that the user has successfully verified the ownership of the email address associated with the account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts.	Normal	None
Email Verification Error local.identity.email.verification.error.html	Displays that the user failed to verify the ownership of the email address associated with the account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts.	Error	User can request another verification email by accessing the email ownership verification endpoint or the profile management page (if enabled). Authentication is required. Alternatively, the user can contact their IT administrators for further assistance.
Username Recovery username.recovery.template.html	Displays to prompt the user to enter an email address to recover the username associated with the account. Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery.	Normal	User input required
Username Recovery username.recovery.info.template.html	Displays to notify the user to retrieve the notification message with the recovered username. Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery.	Normal	User should retrieve the notification message with the recovered username.

Page title and template file name

Purpose

Type

Action

Sign On or Choose an Account

identifier.first.template.html

Prompts a user to provide their username when an Identifier First Adapter instance is invoked to handle a sign-on request.

Normal

User input required

Sign On

html.form.login.template.html

Displays a customizable user sign-on form when an HTML Form Adapter instance is invoked to handle a sign-on request.

If the invoked HTML Form Adapter instance is associated with a local identity profile configured to support authentication via third-party identity providers, the sign-on page will display those identity providers.

This is a core HTML template.

Normal

User input required

Change Password

html.form.change.password.template.html

Displayed when a user attempts to change their password through the HTML Form Adapter.

Normal

User input required

Change Password

html.form.message.template.html

Displayed when a user successfully changes their password.

This is a core HTML template.

Normal

User input required

Password Expiring

html.form.password.expiring.notification.template.html

Displayed to warn an authenticated user that the password associated with the account is about to expire.

This is a core HTML template.

Normal

User input required

Password Management System Message

html.form.message.template.html

Displayed when a user is redirected to a password management system to change their password.

This is a core HTML template.

Normal

User input required

Account Recovery

forgot-password.html

Displayed when a user attempts to reset their password through the HTML Form Adapter.

If the user enters a username in the sign-on form, the username carries over to this form. Otherwise, the user must enter their username to begin the self-service password reset process.

Normal

User input required

Account Recovery

forgot-password-resume.html

Displayed to prompt a user to enter the one-time password sent through a notification or to notify a user to refer to the notification for password reset instructions.

This template is applicable when the password reset type is Email One-Time Link, Email One-Time Password, or Text Message for the invoked HTML Form Adapter instance.

Normal

User input required

Reset Your Password

forgot-password-change.html

Displayed to prompt a user to define a new password.

Normal

User input required

Account Recovery

forgot-password-success.html

Displayed when a user successfully resets their password.

Normal

User input required

Account Recovery

forgot-password-error.html

Displayed when a password reset attempt fails.

Error

None

Unlock Your Account

account-unlock.html

Displayed when a user successfully unlocks their account through the HTML Form Adapter.

This page also prompts the user to retain the current password, or reset it.

Normal

User input required

Security Question

html.form.login.challenge.template.html

Displays a configurable challenge form for two-step authentication. For example, this template can be used to create a RADIUS challenge form when using the RADIUS Username/Password Credential Validator.

This is a core HTML template.

Normal

User input required

User Consent

consent-form-template.html

Displayed when a request requires a user’s consent for an SSO to an SP.

Normal

User input required

Logout Confirmation

idp.slo.confirm.page.template.html

Displayed when a user initiates a logout request.

Applicable only if such confirmation is required, as configured on the Authentication → Integration → IdP Default URL window.

Normal

User input required

Sign Off

idp.logout.success.page.template.html

Displayed when a user successfully signs off in a configuration where the Logout Path field is configured but the Logout Redirect field is not.

Normal

None

Create Your Account

local.identity.registration.html

Displays a configurable challenge form for two-step authentication.Displayed when a user requests to register for a local account.

Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service registration.

Normal

User input required

Manage Your Profile

local.identity.profile.html

Displayed when an authenticated user accesses the profile management endpoint.

Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service profile management.

Normal

User input required

Email Verification

local.identity.email.verification.sent.html

Displays a notification that an email ownership verification message has been sent when an authenticated user accesses the email ownership verification endpoint.

Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts.

Normal

None

Email Verified

local.identity.email.verification.success.html

Displays a confirmation that the user has successfully verified the ownership of the email address associated with the account.

Normal

None

Email Verification Error

local.identity.email.verification.error.html

Displays that the user failed to verify the ownership of the email address associated with the account.

Error

User can request another verification email by accessing the email ownership verification endpoint or the profile management page (if enabled). Authentication is required.

Alternatively, the user can contact their IT administrators for further assistance.

Username Recovery

username.recovery.template.html

Displays to prompt the user to enter an email address to recover the username associated with the account.

Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery.

Normal

User input required

Username Recovery

username.recovery.info.template.html

Displays to notify the user to retrieve the notification message with the recovered username.

Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery.

Normal

User should retrieve the notification message with the recovered username.

Kerberos Adapter

Page title and template file name	Purpose	Type	Action
Error kerberos.error.template.html	Displays an error page to provide standardized information to the end user when the authentication attempt fails.	Error	Consult log
(No title) meta.refresh.template.html	Facilitates the failover mechanism from a Kerberos Adapter instance to the next phase when it is part of a Composite Adapter instance configuration or an authentication policy.	Normal	None

Page title and template file name

Purpose

Type

Action

Error

kerberos.error.template.html

Displays an error page to provide standardized information to the end user when the authentication attempt fails.

Error

Consult log

(No title)

meta.refresh.template.html

Facilitates the failover mechanism from a Kerberos Adapter instance to the next phase when it is part of a Composite Adapter instance configuration or an authentication policy.

Normal

None

Single sign-on and logout

Page title and template file name	Purpose	Type	Action
Select Authentication System sourceid-choose-idp-adapter-form-template.html	Displayed when multiple authentication sources are applicable and no preference is submitted as part of the request.	Normal	User input required
Sign On Error idp.sso.error.page.template.html	Displayed when IdP-initiated or adapter-to-adapter SSO fails and no other SSO error landing page is specified.	Error	Consult log and web developer
Sign Off Successful idp.slo.success.page.template.html	Displayed when an SLO request succeeds and no other SLO success landing page is specified.	Normal	None
Sign Off Error idp.slo.error.page.template.html	Displayed when an SLO request fails and no other SLO error landing page is specified.	Error	User should close the browser

Page title and template file name

Purpose

Type

Action

Select Authentication System

sourceid-choose-idp-adapter-form-template.html

Displayed when multiple authentication sources are applicable and no preference is submitted as part of the request.

Normal

User input required

Sign On Error

idp.sso.error.page.template.html

Displayed when IdP-initiated or adapter-to-adapter SSO fails and no other SSO error landing page is specified.

Error

Consult log and web developer

Sign Off Successful

idp.slo.success.page.template.html

Displayed when an SLO request succeeds and no other SLO success landing page is specified.

Normal

None

Sign Off Error

idp.slo.error.page.template.html

Displayed when an SLO request fails and no other SLO error landing page is specified.

Error

User should close the browser

WS-Federation and OpenID Connect

Page title and template file name Purpose Type Action

Page title and template file name	Purpose	Type	Action
Working . . . sourceid-wsfed-http-post-template.html	Used to auto-submit a WS-Federation assertion to the SP. If JavaScript is disabled, the user is prompted to click a button to POST the assertion directly. This page is normally not displayed if JavaScript executes properly.	Normal	None
Signing off. . . sourceid-wsfed-idp-signout-cleanup-invisible-template.html	WS-Federation and OIDC client IdP sign-out processing page. No HTML is rendered in the browser.	Normal	None
Sign Off Successful sourceid-wsfed-idp-signout-cleanup-template.html	Indicates user signed out of the IdP under the WS-Federation protocol and lists each successful SP logout, when applicable. Also displays when an OIDC client sends a logout request to the `/idp/startSLO.ping` endpoint to initiate an Asynchronous Front-Channel Logout process.	Normal	None

Working . . .

sourceid-wsfed-http-post-template.html

Used to auto-submit a WS-Federation assertion to the SP. If JavaScript is disabled, the user is prompted to click a button to POST the assertion directly.

This page is normally not displayed if JavaScript executes properly.

Normal

None

Signing off. . .

sourceid-wsfed-idp-signout-cleanup-invisible-template.html

WS-Federation and OIDC client IdP sign-out processing page.

No HTML is rendered in the browser.

Normal

None

Sign Off Successful

sourceid-wsfed-idp-signout-cleanup-template.html

Indicates user signed out of the IdP under the WS-Federation protocol and lists each successful SP logout, when applicable.

Also displays when an OIDC client sends a logout request to the /idp/startSLO.ping endpoint to initiate an Asynchronous Front-Channel Logout process.

Normal

None

PingFederate Server

IdP user-facing pages

HTML Form Adapter

Kerberos Adapter

Single sign-on and logout

WS-Federation and OpenID Connect