PingFederate Server

Enabling OAuth 2.0 authorization

PingFederate clients can gain access to the administrative API endpoint by providing an OAuth 2.0 access token. The <pf_install>/pingfederate/bin/oauth2.properties file contains settings that allow you to configure information required to interact with the authorization server as a client.

Steps

  1. In the <pf_install>/pingfederate/bin/run.properties file, set the value of the pf.admin.api.authentication property to OAuth2.

    You can also configure PingFederate to support both OAuth2 authorization and a basic authentication method by specifying two values separated with a comma. For example, specify pf.admin.api.authentication=OAuth2,LDAP. The basic authentication methods are native, LDAP, and RADIUS. Supporting two authentication methods is helpful when you want to change applications from one method to another. For more information about supporting two authentication methods, see the description of pf.admin.api.authentication in Configuring PingFederate properties.

  2. In the <pf_install>/pingfederate/bin/oauth2.properties file, change property values as needed. For instructions and additional information, see the comments in the file.

    Remember to assign at least one of the PingFederate administrative roles, as indicated in the properties file. For information about permissions attached to the PingFederate roles, see the PingFederate User Access Control table in Configure access to the administrative API.

  3. Restart PingFederate.

    In a clustered PingFederate environment, you only need to modify run.properties and oauth2.properties on the console node.