Enabling OAuth 2.0 authorization
PingFederate clients can gain access to the administrative API endpoint by providing an OAuth 2.0 access token. The <pf_install>/pingfederate/bin/oauth2.properties
file contains settings that allow you to configure information required to interact with the authorization server as a client.
Steps
-
In the
<pf_install>/pingfederate/bin/run.properties
file, set the value of thepf.admin.api.authentication
property toOAuth2
.You can also configure PingFederate to support both
OAuth2
authorization and a basic authentication method by specifying two values separated with a comma. For example, specifypf.admin.api.authentication=OAuth2,LDAP
. The basic authentication methods arenative
,LDAP
, andRADIUS
. Supporting two authentication methods is helpful when you want to change applications from one method to another. For more information about supporting two authentication methods, see the description ofpf.admin.api.authentication
in Configuring PingFederate properties. -
In the
<pf_install>/pingfederate/bin/oauth2.properties
file, change property values as needed. For instructions and additional information, see the comments in the file.Remember to assign at least one of the PingFederate administrative roles, as indicated in the properties file. For information about permissions attached to the PingFederate roles, see the PingFederate User Access Control table in Configure access to the administrative API.
-
Restart PingFederate.
In a clustered PingFederate environment, you only need to modify
run.properties
andoauth2.properties
on the console node.