Configuring a PingOne LDAP Gateway datastore
The PingOne LDAP Gateway reduces the complexity of moving to the cloud while maintaining connectivity to on-premise end-user data.
Before you begin
Make sure you have the following in place:
- A PingOne environment configured with an LDAP gateway. Learn more in Gateways and Adding a LDAP Gateway.
- A connection between PingFederate and PingOne. Learn more in Creating connections to PingOne.
About this task
When PingFederate is deployed off-premise as a PingOne Advanced Service or in your own cloud deployment, you can configure the PingOne LDAP Gateway datastore to enable PingFederate to access an on-premise LDAP directory for HTML Form Adapter functionality, provisioning, customer identity access management (CIAM), and other areas.
Currently, you cannot use the PingOne LDAP Gateway for grant storage, persistent authentication sessions, and OAuth client records. All other LDAP datastore functionality works in the same way as the direct LDAP datastore.
Steps
- Go to System > Data & Credential Stores > Data Stores.
- In the Data Stores page, click Add New Data Store.
- On the Data Store Type tab, enter a name for the datastore in the Name field.
- In the Type list, select PingOne LDAP Gateway.
- (Optional) To mask attribute values returned from this datastore in PingFederate logs, select the Mask Values in Log checkbox.
- Click Next.
- In the LDAP Gateway Configuration page, configure your LDAP Gateway as follows.
  - In the PingOne Environment list, select your PingOne environment.
  - In the PingOne LDAP Gateway list, select your PingOne LDAP gateway.
- Click Test Connection to determine whether the administrative node can communicate with the specified datastore.
  - Datastore validation is not enabled during configuration, which lets you configure datastores without requiring a successful connection between the administrative node and the datastore. You can also save the datastore even if the connection is not currently successful.
  - Due to the implementation of Client TLS Certificate Authentication in Active Directory, when the LDAP Type is Active Directory and the Authentication Method is Client TLS Certificate, the connection test always succeeds, even when an incorrect certificate is selected. This is not the case when PingFederate attempts to retrieve data from the datastore, because the connection will fail to bind.
- Click Advanced to configure LDAP attributes to be handled as binary data.
- Click Next to view the summary of your LDAP gateway datastore configuration.
- Click Save.