PingFederate Server

System requirements

PingFederate has the following recommended system versions and requirements.

Operating systems and virtualization

PingFederate is tested with default configurations of operating-system components. If your organization customizes implementations or installs third-party plugins, deployment efforts could affect the PingFederate server.
Component Supported versions

Operating systems

  • Amazon Linux 2022 and 2023

  • Canonical Ubuntu 20.04 LTS, 22.04 LTS, and 24.04 LTS

  • Microsoft Windows Server 2016, 2019, and 2022

  • Oracle Linux (Red Hat Compatible Kernel) 7.9, 8.9, and 9.4

  • Red Hat Enterprise Linux ES 7.9, 8.9, and 9.5

  • SUSE Linux Enterprise 12 SP5 and 15 SP4

  • RockyLinux 9.3 and 9.5

Docker support

  • Docker version: 26.0.0 View the PingFederate Docker image on DockerHub. Visit Ping Identity’s DevOps documentation for more information. Note that only the PingFederate software is licensed under Ping Identity’s end user license agreement, and any other software components contained within the image are licensed solely under the terms of the applicable open source or third-party license.

Ping Identity accepts no responsibility for the performance of any specific virtualization software and in no way guarantees the performance or interoperability of any virtualization software with its products.

Virtualization

Although Ping Identity does not qualify or recommend any specific virtual machine (VM) or container products other than those already specified, PingFederate has run well on several, including Hyper-V, VMWare, and Xen.

The list of products is provided for example purposes only. We view all products in this category equally. Ping Identity accepts no responsibility for the performance of any specific virtualization software and in no way guarantees the performance, interoperability, or both of any VM or container software with its products.

Java environment

  • Amazon Corretto 11 and 17

  • OpenJDK 11 and 17

  • Oracle Java SE Development Kit 11 LTS and 17 LTS

Ping Identity Java Support Policy applies. Learn more in Java Support Policy in the Ping Identity Knowledge Base.

PingFederate does not support any JDK 11 version prior to 11.0.4 due to an error covered in the Oracle Java Bug Database.

Browsers

Server Supported browsers

Runtime server

  • Apple Safari

  • Google Chrome

  • Microsoft Edge

  • Mozilla Firefox

  • Apple iOS 16 (Safari)

  • Google Android 13 (Chrome)

Administrative server

  • Google Chrome

  • Microsoft Edge

  • Mozilla Firefox

TLS protocol

Runtime server and administrative server

  • TLS 1.2 and 1.3

Datastore integration

Functionality Supported versions

User-attribute lookup

  • PingDirectory 9.2, 9.3, 10.0, 10.1, 10.2

  • PingDS (Formerly ForgeRock DS) 7.5

  • Amazon DynamoDB

  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)

  • Aurora PostgreSQL (compatible with PostgreSQL 16.4)

  • Azure SQL Managed Instance

  • Microsoft Active Directory 2016 and 2022

  • Microsoft SQL Server 2016 SP2, 2017, 2019 and 2022

  • Oracle Database 12c Release 2 and 19c

  • Oracle MySQL 8.0

  • Oracle Unified Directory 12c

  • PostgreSQL 13.4, 16.4, and 17.0

  • Custom implementation through the PingFederate SDK

SaaS or SCIM outbound provisioning
Provisioning channel data source

  • PingDirectory 9.2, 9.3, 10.0, 10.1, 10.2

  • PingDS (Formerly ForgeRock DS) 7.5

  • Microsoft Active Directory 2016 and 2022

  • Oracle Unified Directory 12c

Provisioning internal datastore

  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)

  • Aurora PostgreSQL (compatible with PostgreSQL 16.4)

  • Azure SQL Managed Instance

  • Microsoft SQL Server 2016 SP2, 2017, 2019 and 2022

  • Oracle Database 12c Release 2 and 19c

  • Oracle MySQL 8.0

  • PostgreSQL 13.4, 16.4, and 17.0

SCIM inbound provisioning

  • Microsoft Active Directory 2016 and 2022

  • Custom implementation through the PingFederate SDK

Just-in-time (JIT) inbound provisioning

  • PingDirectory 9.2, 9.3, 10.0, 10.1, 10.2

  • PingDS (Formerly ForgeRock DS) 7.5

  • Azure SQL Managed Instance

  • Microsoft Active Directory 2016 and 2022

  • Microsoft SQL Server 2016 SP2, 2017, 2019 and 2022

  • Oracle Unified Directory 12c

Account linking

  • PingDirectory 9.2, 9.3, 10.0, 10.1, 10.2

  • PingDS (Formerly ForgeRock DS) 7.5

  • Amazon DynamoDB

  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)

  • Aurora PostgreSQL (compatible with PostgreSQL 16.4)

  • Azure SQL Managed Instance

  • Microsoft Active Directory 2016 and 2022

  • Microsoft SQL Server 2016 SP2, 2017, 2019 and 2022

  • Oracle Database 12c Release 2 and 19c

  • Oracle MySQL 8.0

  • Oracle Unified Directory 12c

  • PostgreSQL 13.4, 16.4, and 17.0

OAuth client configuration and persistent grants

  • PingDirectory 9.2, 9.3, 10.0, 10.1, 10.2

  • PingDS (Formerly ForgeRock DS) 7.5

  • Amazon DynamoDB

  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)

  • Aurora PostgreSQL (compatible with PostgreSQL 16.4)

  • Azure SQL Managed Instance

  • Microsoft Active Directory 2016 and 2022

  • Microsoft SQL Server 2016 SP2, 2017, 2019 and 2022

  • Oracle Database 12c Release 2 and 19c

  • Oracle MySQL 8.0

  • Oracle Unified Directory 12c

  • PostgreSQL 13.4, 16.4, and 17.0

  • Custom implementation through the PingFederate SDK

Registration and profile management of local identities

  • PingDirectory 9.2, 9.3, 10.0, 10.1, 10.2

Persistent authentication sessions

  • PingDirectory 9.2, 9.3, 10.0, 10.1, 10.2

  • Amazon DynamoDB

  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)

  • Aurora PostgreSQL (compatible with PostgreSQL 16.4)

  • Azure SQL Managed Instance

  • Microsoft SQL Server 2016 SP2, 2017, 2019 and 2022

  • Oracle Database 12c Release 2 and 19c

  • Oracle MySQL 8.0

  • PostgreSQL 13.4, 16.4, and 17.0

  • Custom implementation through the PingFederate SDK

PingFederate was tested with vendor-specific Java database connectivity (JDBC) 4.2 drivers. Learn more in Compatible database drivers.

Secret manager (optional)

CyberArk Credential Provider 12

Hardware security modules (optional)

When integrating with an AWS CloudHSM hardware security module (HSM), you must deploy with an Oracle Server Java Runtime Environment (JRE), OpenJDK, or Amazon Corretto distribution of Java 11.
Hardware security module Qualified versions

AWS CloudHSM

  • Client software version: 5.14

PingFederate must be deployed on one of the Linux or Windows operating systems supported by both AWS CloudHSM and PingFederate.

Entrust nShield Connect HSMs

  • Host and Firmware version: 13.6.3

  • Client driver version: 16.6.3

Thales Luna Cloud HSM Services and Luna Network HSM

  • Luna HSM Client 10.7

Learn more about the Luna HSM Client, including compatible HSMs, HSM firmware, appliance software, and client software in Luna Cloud HSM Service Client Guide and the Luna Network HSM Documentation Archive.

Minimum hardware requirements

  • Multi-core Intel Xeon processor or higher

    We recommend a minimum of four processing cores distributed across any number of CPUs.

  • 4 GB of RAM

    Step 1.5 GB available to PingFederate

  • 1 GB of available hard drive space

Although it’s possible to run PingFederate on less powerful hardware, the guidelines provided accommodate disk space for default logging, auditing profiles, and CPU resources for a moderate level of concurrent request processing.