Requirements
Ping Identity supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here. |
Downloads
Download product software from the BackStage download site:
File | Description |
---|---|
|
Cross-platform distribution including all software components. |
|
Web application for testing PingGateway configurations |
For information about using the Docker image provided with the product software, refer to PingGateway’s Deploy with Docker.
Operating systems
The following operating system versions are supported:
Vendor | PingGateway 2024.9 | PingGateway 2024.6 | IG 2024.3 | IG 2023.11 | IG 2023.9 | IG 2023.6 | IG 2023.4 | IG 2023.2 |
---|---|---|---|---|---|---|---|---|
Amazon Linux |
2, 2023 |
2, 2023 |
2, 2023 |
2, 2023 |
2, 2023 |
- |
- |
- |
Red Hat Enterprise Linux |
7, 8, 9 |
7, 8, 9 |
7, 8, 9 |
7, 8, 9 |
7, 8, 9 |
7, 8, 9 |
7, 8 |
7, 8 |
Centos OS |
7 |
7 |
7 |
7 |
7 |
7 |
7 |
7 |
Ubuntu LTS |
22.04, 20.04 |
22.04, 20.04 |
22.04, 20.04 |
22.04, 20.04 |
22.04, 20.04 |
22.04, 20.04 |
20.04 |
20.04 |
Windows Server |
2016, 2019, 2022 |
2016, 2019, 2022 |
2016, 2019, 2022 |
2016, 2019 |
2016, 2019 |
2016, 2019 |
2016, 2019 |
2016, 2019 |
SUSE Linux Enterprise |
12, 15 |
12, 15 |
12, 15 |
12, 15 |
12, 15 |
12, 15 |
12, 15 |
12, 15 |
Rocky Linux |
9.x |
9.x |
9.x |
- |
- |
- |
- |
- |
Java
Version | Vendor | Java version |
---|---|---|
PingGateway 2024.9 |
OpenJDK, including OpenJDK-based distributions:
|
21, 17 |
PingGateway 2024.6 |
OpenJDK, including OpenJDK-based distributions:
|
21, 17 |
IG 2024.3 |
OpenJDK, including OpenJDK-based distributions:
|
21, 17 |
IG 2023.11 - 2023.4 |
OpenJDK, including OpenJDK-based distributions:
|
17, 11 |
IG 2023.2 - 7.1 |
OpenJDK, including OpenJDK-based distributions:
|
11 |
IG 7 |
OpenJDK, including OpenJDK-based distributions:
|
Oracle Java |
Eclipse Adoptium is tested most extensively.
You are recommended to use the HotSpot JVM.
Consider the following points for using Java:
-
Use a JVM with the latest security fixes.
-
Keep your Java installation up-to-date with the latest security fixes.
-
Java 11 is the earliest long-term supported (LTS) Java version for IG 2023.11 and earlier versions. Earlier versions of Java don’t contain required cryptography fixes. If you are using an earlier version of Java, secure your installation as described in the Java JDK Security Advisory #202109.
FQDNs
PingGateway replication requires use of fully qualified domain names (FQDNs),
such as ig.example.com
.
Hostnames like example.com
are acceptable for evaluation. In production, and
when using replication across systems, you must either ensure DNS is set up
correctly to provide FQDNs, or update the hosts file
(/etc/hosts
or C:\Windows\System32\drivers\etc\hosts
) to supply
unique, FQDNs.
Certificates
For secure network communications with client applications that you do not control, install a properly signed digital certificate that your client applications recognize, such as one that works with your organization’s PKI, or one signed by a recognized CA.
To use the certificate during installation, the certificate must be located in a
file-based keystore supported by the JVM (JKS, JCEKS, PKCS#12), or on a PKCS#11
token. To import a signed certificate into the server keystore, use the Java
keytool
command.
Third-party software for encryption
Bouncy Castle is required for signature encryption with RSASSA-PSS or Deterministic ECDSA. For information, refer to The Legion of the Bouncy Castle.
Third-party software
Ping Identity provides support for using the following third-party software when logging common audit events:
Software | Version |
---|---|
Java Message Service (JMS) |
2.0 API |
MySQL JDBC Driver Connector/J |
8 (at least 8.0.19) |
Splunk |
8.0 (at least 8.0.2) |
Elasticsearch and Splunk have native or third-party tools to collect, transform, and route logs. Examples include Logstash and Fluentd. Use these alternatives if possible. These tools have advanced, specialized features focused on getting log data into the target system. They decouple the solution from the Ping Identity Platform systems and version, and provide inherent persistence and reliability. You can configure the tools to avoid losing audit messages if a Ping Identity Platform service goes offline, or delivery issues occur. These tools can work with common audit logging:
|
Ping Identity provides support for using the following third-party software when monitoring servers:
Software | Version |
---|---|
Grafana |
5 (at least 5.0.2) |
Graphite |
1 |
Prometheus |
2.0 |
For hardware security module (HSM) support, Ping Identity Platform software requires a client library that conforms to the PKCS#11 standard v2.20 or later.
Features requiring later versions of AM
Feature | Minimum version of AM |
---|---|
AM 7.3, available after the IG 2023.2 release |
|
AM 7.1 |
|
Support for refresh of idle sessions when the SingleSignOnFilter is used for
authentication with AM. For more information, refer to the |
AM 6.5.3 |
Eviction of revoked OAuth 2.0 access tokens from the cache. Learn more from
CacheAccessTokenResolver,
and the |
AM 6.5.3 |
Support for OAuth 2.0 Mutual TLS (mTLS). Learn more from ConfirmationKeyVerifierAccessTokenResolver and Validate certificate-bound access tokens. |
AM 6.5.1 |