IdP user-facing pages
PingFederate has a variety of customizable user-facing page templates that apply to identity provider (IdP) pages. The templates are organized by HTML Form Adapter, Kerberos Adapter, single sign-on (SSO), single logout (SLO), WS-Federation, and OpenID Connect (OIDC).
HTML Form Adapter
Page title and template file name | Purpose | Type | Action |
---|---|---|---|
Sign On or Choose an Account identifier.first.template.html |
Prompts a user to provide their username when an Identifier First Adapter instance is invoked to handle a sign-on request. |
Normal |
User input required |
Sign On html.form.login.template.html |
Displays a customizable user sign-on form when an HTML Form Adapter instance is invoked to handle a sign-on request. If the invoked HTML Form Adapter instance is associated with a local identity profile configured to support authentication via third-party identity providers, the sign-on page will display those identity providers. This is a core HTML template. |
Normal |
User input required |
Change Password html.form.change.password.template.html |
Displayed when a user attempts to change their password through the HTML Form Adapter. |
Normal |
User input required |
Change Password html.form.message.template.html |
Displayed when a user successfully changes their password. This is a core HTML template. |
Normal |
User input required |
Password Expiring html.form.password.expiring.notification.template.html |
Displayed to warn an authenticated user that the password associated with the account is about to expire. This is a core HTML template. |
Normal |
User input required |
Password Management System Message html.form.message.template.html |
Displayed when a user is redirected to a password management system to change their password. This is a core HTML template. |
Normal |
User input required |
Account Recovery forgot-password.html |
Displayed when a user attempts to reset their password through the HTML Form Adapter. If the user enters a username in the sign-on form, the username carries over to this form. Otherwise, the user must enter their username to begin the self-service password reset process. |
Normal |
User input required |
Account Recovery forgot-password-resume.html |
Displayed to prompt a user to enter the one-time password sent through a notification or to notify a user to refer to the notification for password reset instructions. This template is applicable when the password reset type is Email One-Time Link, Email One-Time Password, or Text Message for the invoked HTML Form Adapter instance. |
Normal |
User input required |
Reset Your Password forgot-password-change.html |
Displayed to prompt a user to define a new password. |
Normal |
User input required |
Account Recovery forgot-password-success.html |
Displayed when a user successfully resets their password. |
Normal |
User input required |
Account Recovery forgot-password-error.html |
Displayed when a password reset attempt fails. |
Error |
None |
Unlock Your Account account-unlock.html |
Displayed when a user successfully unlocks their account through the HTML Form Adapter. This page also prompts the user to retain the current password, or reset it. |
Normal |
User input required |
Security Question html.form.login.challenge.template.html |
Displays a configurable challenge form for two-step authentication. For example, this template can be used to create a RADIUS challenge form when using the RADIUS Username/Password Credential Validator. This is a core HTML template. |
Normal |
User input required |
User Consent consent-form-template.html |
Displayed when a request requires a user’s consent for an SSO to an SP. |
Normal |
User input required |
Logout Confirmation idp.slo.confirm.page.template.html |
Displayed when a user initiates a logout request. Applicable only if such confirmation is required, as configured on the Authentication → Integration → IdP Default URL window. |
Normal |
User input required |
Sign Off idp.logout.success.page.template.html |
Displayed when a user successfully signs off in a configuration where the Logout Path field is configured but the Logout Redirect field is not. |
Normal |
None |
Create Your Account local.identity.registration.html |
Displays a configurable challenge form for two-step authentication.Displayed when a user requests to register for a local account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service registration. |
Normal |
User input required |
Manage Your Profile local.identity.profile.html |
Displayed when an authenticated user accesses the profile management endpoint. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service profile management. |
Normal |
User input required |
Email Verification local.identity.email.verification.sent.html |
Displays a notification that an email ownership verification message has been sent when an authenticated user accesses the email ownership verification endpoint. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts. |
Normal |
None |
Email Verified local.identity.email.verification.success.html |
Displays a confirmation that the user has successfully verified the ownership of the email address associated with the account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts. |
Normal |
None |
Email Verification Error local.identity.email.verification.error.html |
Displays that the user failed to verify the ownership of the email address associated with the account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts. |
Error |
User can request another verification email by accessing the email ownership verification endpoint or the profile management page (if enabled). Authentication is required. Alternatively, the user can contact their IT administrators for further assistance. |
Username Recovery username.recovery.template.html |
Displays to prompt the user to enter an email address to recover the username associated with the account. Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery. |
Normal |
User input required |
Username Recovery username.recovery.info.template.html |
Displays to notify the user to retrieve the notification message with the recovered username. Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery. |
Normal |
User should retrieve the notification message with the recovered username. |
Kerberos Adapter
Page title and template file name | Purpose | Type | Action |
---|---|---|---|
Error kerberos.error.template.html |
Displays an error page to provide standardized information to the end user when the authentication attempt fails. |
Error |
Consult log |
(No title) meta.refresh.template.html |
Facilitates the failover mechanism from a Kerberos Adapter instance to the next phase when it is part of a Composite Adapter instance configuration or an authentication policy. |
Normal |
None |
Single sign-on and logout
Page title and template file name | Purpose | Type | Action |
---|---|---|---|
Select Authentication System sourceid-choose-idp-adapter-form-template.html |
Displayed when multiple authentication sources are applicable and no preference is submitted as part of the request. |
Normal |
User input required |
Sign On Error idp.sso.error.page.template.html |
Displayed when IdP-initiated or adapter-to-adapter SSO fails and no other SSO error landing page is specified. |
Error |
Consult log and web developer |
Sign Off Successful idp.slo.success.page.template.html |
Displayed when an SLO request succeeds and no other SLO success landing page is specified. |
Normal |
None |
Sign Off Error idp.slo.error.page.template.html |
Displayed when an SLO request fails and no other SLO error landing page is specified. |
Error |
User should close the browser |
WS-Federation and OpenID Connect
Page title and template file name | Purpose | Type | Action |
---|---|---|---|
Working . . . sourceid-wsfed-http-post-template.html |
Used to auto-submit a WS-Federation assertion to the SP. If JavaScript is disabled, the user is prompted to click a button to POST the assertion directly. This page is normally not displayed if JavaScript executes properly. |
Normal |
None |
Signing off. . . sourceid-wsfed-idp-signout-cleanup-invisible-template.html |
WS-Federation and OIDC client IdP sign-out processing page. No HTML is rendered in the browser. |
Normal |
None |
Sign Off Successful sourceid-wsfed-idp-signout-cleanup-template.html |
Indicates user signed out of the IdP under the WS-Federation protocol and lists each successful SP logout, when applicable. Also displays when an OIDC client sends a logout request to the |
Normal |
None |