PingFederate Server

CyberArk’s authentication methods

CyberArk administrators can configure one or more authentication methods between the CyberArk Credential Provider and its Vault.

The Credential Provider supports any combination of the following authentication methods:

  • Hash

  • OS user

  • Allowed machines

  • Path

Learn more about CyberArk’s authentication methods in Application authentication methods in the CyberArk documentation.

The following sections provide additional information specific to using the hash authentication method and OS user authentication method with PingFederate.

Hash authentication method

Learn more about using the hash authentication method in Authenticate with a hash value in the CyberArk documentation.

The hash changes when you perform a major or minor upgrade, or a maintenance update, of PingFederate. So you must regenerate the hash after an upgrade or update, otherwise PingFederate won’t be able to retrieve credentials from CyberArk.

The following syntax and examples show how to use CyberArk’s aimgetappinfo utility to generate a hash in Linux and Windows environments.

Linux syntax

aimgetappinfo GetHash -FilePath "<path to>/pf-core-plugins.jar"

Linux example command and its output

/opt/CARKaim/bin$ ./aimgetappinfo GetHash
   -FilePath "/home/imok/Downloads/pingfederate-11.0.0/pingfederate/server/default/lib/pf-core-plugins.jar"
<generated hash>
Command ended successfully

Windows syntax

AIMGetAppInfo GetHash /FilePath "<path to>\pf-core-plugins.jar"

Windows example command and its output

C:\Program Files (x86)\CyberArk\ApplicationPasswordProvider\Utils>AIMGetAppInfo GetHash
   /FilePath "C:\Users\Administrator\Downloads\pingfederate-11.0.0\pingfederate\server\default\lib\pf-core-plugins.jar"
<generated hash>
Command ended successfully

OS user authentication method

Learn more about the OS user authentication method in OS user authentication in the CyberArk documentation.

In a Windows environment, if the PingFederate Windows service is installed or configured with Log On As: Local System, the CyberArk admin must enter NT AUTHORITY\SYSTEM as the OS user entry.