Connecting to a remote process
If PingFederate is running as a Windows Service, or if the org.pingidentity.RunPF
class is unavailable in the Local Process list, use this procedure to establish a connection.
About this task
To enable remote JMX monitoring in PingFederate:
Steps
-
In the Administrative Console, go to the Security → System Integration → Service Authentication window.
-
Define the credentials that are required to connect to the PingFederate JMX service.
-
Restart PingFederate to enable the JMX Service.
-
If PingFederate is deployed in a clustered environment:
-
Replicate the configuration changes on each node in the cluster.
-
Restart each engine node.
-
-
After you enable the JMX service, connect to the remote JMX service by specifying the hostname and port
1099
, or a service URL like the following:service:jmx:rmi:///jndi/rmi://[hostname]:1099/jmxrmi
Because JMX uses SSL by default when communicating with a remote host, the client host must trust the PingFederate SSL certificate that is presented when a connection is established.
To disable the use of SSL for JMX, open the
/server/default/conf/jmx-remote-config.xml
file and set the<item name="jmx.rmi.ssl">
property tofalse
.If the JMX client does not trust the JMX certificate, a
connection failed
SSL message appears. -
If SSL is enabled in
jmx-remote-config.xml
, import the PingFederate SSL certificate to the client’s trusted certificates. -
If SSL is disabled, click Insecure to connect.