PingFederate Server

Migrating to the integrated LDAP Username PCV

About this task

As of PingFederate 7.3, the integrated LDAP Username Password Credential Validator (PCV) can return additional attribute values upon successful validation.

If you have previously deployed the LDAPExtendedAttributesPCV-<version>.jar file from the PingID integration kit and created an instance of the LDAP PCV with Extended Attributes, migrate to the integrated LDAP Username PCV.

Steps

  1. Create an instance of the integrated LDAP Username PCV:

    1. Go to System → Data & Credential Stores → Password Credential Validators and click Create New Instance.

    2. On the Type tab, enter the required information and select LDAP Username Password Credential Validator from the list.

    3. On the Instance Configuration tab, select an LDAP datastore from the list, enter a search base and a search filter, and select the scope of the search.

      You can reuse the information from the existing LDAP PCV with Extended Attributes instance.

    4. On the Extended Contract tab, enter memberOf in the Extend the Contract section, and click Add.

    5. On the Summary tab, review the setup and click Done.

    6. On the Manage Credential Validator Instances page, click Save.

  2. In the configuration where the LDAP PCV with Extended Attributes instance is used, replace it with the newly created LDAP Username Password Credential Validator instance.

    For example, if you have created an instance of the PingID PCV (with integrated RADIUS server) instance and have selected an instance of the LDAP PCV with Extended Attributes as one of the delegate PCVs, remove the selection and add the newly created LDAP Username Password Credential Validator instance to the list.

  3. After replacing the LDAP PCV with Extended Attributes instance, delete it from the Password Credential Validators page.

  4. Remove the <pf_install>/pingfederate/server/default/deploy/LDAPExtendedAttributesPCV-<version>.jar file on all PingFederate servers.

  5. Restart PingFederate on all PingFederate servers.