PingFederate Server

Adding custom HTTP response headers

The PingFederate administrative console and runtime server are capable of returning custom HTTP response headers, such as HTTP Strict-Transport-Security (HSTS), to enforce HTTPS-based access and P3P.

Steps

  1. Edit the response-header-admin-config.xml file or the response-header-runtime-config.xml file, or both, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

  2. Save your changes.

  3. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on System → Server → Cluster Management.