PingOne

Configuring the application in PingDirectory

Edit a copy of the PingDirectory sample batch file to enable PingOne single sign-on (SSO) for the Administrative Console.

Steps

  1. In PingOne, go to Applications > Applications.

  2. Click the application you created to open the details panel.

  3. Click the Configuration tab and copy the following values to a secure location:

    • Issuer

    • Client ID

    • Client Secret

  4. Locate the PingDirectory config file at:

    PingDirectory/config/sample-dsconfig-batch-files/enable-pingone-admin-console-sso.dsconfig

  5. Make a copy of the config file and leave the original file intact.

  6. Open the copy of the config file in a text editor.

  7. Replace the variables with the values you copied from PingOne.

    # Create an ID token validator suitable for verifying ID tokens generated
    # by the PingOne service. The "All Admin Users" identity mapper will be used
    # to match users that authenticate with PingOne to either root DN users or
    # topology admin users defined in the server configuration.
    dsconfig create-id-token-validator \
    --validator-name "PingOne ID Token Validator" \
    --type ping-one \
    --set enabled:true \
    --set "identity-mapper:All Admin Users" \
    --set evaluation-order-index:1 \
    --set issuer-url:<PING_ONE_APPLICATION_ISSUER_URL>
    
    [...]
    
    # Configure the Administrative Console with your application's client
    # credentials and issuer URI.
    dsconfig set-web-application-extension-prop \
    --extension-name Console \
    --set sso-enabled:true \
    --set oidc-client-id:<PING_ONE_APPLICATION_CLIENT_ID>  \
    --set oidc-client-secret:<PING_ONE_APPLICATION_CLIENT_SECRET>  \
    --set oidc-issuer-url:<PING_ONE_APPLICATION_ISSUER_URL>

  8. Run the following dsconfig command.

    dsconfig --batch-file \
        enable-pingone-admin-console-sso-copy.dsconfig \
        --no-prompt
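
Steps 5 through 7 can also be scripted. The following is an added example, not part of the original page or of Ping Identity's tooling: it writes an owner-only copy of the batch file, fills the three placeholders literally, and refuses to produce a copy if a value is empty, contains whitespace, or if any <PING_ONE_...> placeholder is left over. The P1_ISSUER_URL, P1_CLIENT_ID and P1_CLIENT_SECRET variable names and the demo values are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not Ping Identity's code. Fills the step 7 placeholders into
# an owner-only copy of the batch file. The P1_* variable names are assumptions
# of this example; set them from the values copied in step 3.
render_pingone_batch() {    # usage: render_pingone_batch SOURCE COPY
    src=$1 dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    (
        umask 077       # the copy will contain the client secret
        rm -f "$dst"    # do not inherit the mode of an older copy
        ISSUER="$P1_ISSUER_URL" CID="$P1_CLIENT_ID" CSEC="$P1_CLIENT_SECRET" \
        awk '
        function fill(s, ph, val,    i, out) {  # literal replace, no regex
            out = ""
            while ((i = index(s, ph)) > 0) {
                out = out substr(s, 1, i - 1) val
                s = substr(s, i + length(ph))
            }
            return out s
        }
        BEGIN {
            # Values are inserted unquoted, so reject empty or whitespace.
            n = split("ISSUER CID CSEC", name, " ")
            for (k = 1; k <= n; k++)
                if (ENVIRON[name[k]] == "" || ENVIRON[name[k]] ~ /[ \t\r\n]/)
                    exit 2
            # OIDC issuer identifiers are https URLs.
            if (ENVIRON["ISSUER"] !~ /^https:\/\//) exit 2
        }
        {
            s = fill($0, "<PING_ONE_APPLICATION_ISSUER_URL>", ENVIRON["ISSUER"])
            s = fill(s, "<PING_ONE_APPLICATION_CLIENT_ID>", ENVIRON["CID"])
            s = fill(s, "<PING_ONE_APPLICATION_CLIENT_SECRET>", ENVIRON["CSEC"])
            # The file has more lines than the page shows; catch any
            # placeholder this script does not know about.
            if (index(s, "<PING_ONE_") > 0) exit 3
            print s
        }' "$src" > "$dst"
    ) || { rm -f "$dst"; echo "render failed; no copy written" >&2; return 1; }
}

demo() (    # constructed excerpt and constructed values, for a dry run
    d=$(mktemp -d) || exit 1
    printf '%s\n' '--set oidc-client-secret:<PING_ONE_APPLICATION_CLIENT_SECRET> \' \
        '--set oidc-issuer-url:<PING_ONE_APPLICATION_ISSUER_URL>' > "$d/in"
    P1_ISSUER_URL=https://idp.example/as P1_CLIENT_ID=demo-id P1_CLIENT_SECRET='s&/1'
    render_pingone_batch "$d/in" "$d/out" && cat "$d/out"
    rc=$?; rm -rf "$d"; exit $rc
)
```

Pass the rendered copy to the dsconfig command in step 8. The copy holds the client secret in clear text, so delete it once the batch has been applied.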