PingGateway

Configuring CORS for FAPI

FAPI clients make their requests through PingGateway. This includes requests to authenticate end users in the process of getting an ID token. The end user authenticates through the PingOne Advanced Identity Cloud end-user UI. End-user authentication involves a cross-domain request from the PingGateway domain to the PingOne Advanced Identity Cloud domain.

Cross-origin resource sharing (CORS) lets user-agents make cross-domain server requests. Follow these steps to allow cross-domain requests from PingGateway to PingOne Advanced Identity Cloud:

  1. Sign on to the Advanced Identity Cloud admin UI as an administrator.

  2. Create a custom CORS configuration with the following settings.

    CORS configurations apply for all tenant realms.
    Setting Use

    Name

    FAPI

    Accepted Origins

    The PingGateway endpoint, such as https://gateway.example.com:8443

    Accepted Methods

    DELETE
    FETCH
    GET
    OPTIONS
    PATCH
    POST
    PUT

    Accepted Headers

    The Cookie name for your tenant (iPlanetDirectoryPro by default for self-hosted AM)
    accept-api-version
    accept-encoding
    accept-language
    accept
    authority
    authorization
    content-type
    cookie
    method
    path
    referer
    scheme
    sec-ch-ua-mobile
    sec-ch-ua-platform
    sec-ch-ua
    sec-fetch-dest
    sec-fetch-mode
    sec-fetch-site
    sec-fetch-user
    upgrade-insecure-requests
    user-agent
    x-forgerock-transactionid
    x-requested-with

    Exposed Headers
    (under Show advanced settings)

    access-control-allow-origin
    cache-control
    content-api-version
    content-language
    content-length
    content-type
    date
    etag
    expires
    last-modified
    pragma
    set-cookie
    strict-transport-security
    x-content-type-options
    x-forgerock-transactionid
    x-frame-options

  3. Click Save CORS Configuration.

You have successfully configured CORS for FAPI.