For information on the PingFederate Administration API, see PingFederate Administrative API.

When you save the PingFederate administration configuration, PingAccess will test the connection to PingFederate. If the connection cannot be made, an error will display in the administration console interface, and the configuration will not be saved.

  1. Click Settings and then go to System > Token Provider > PingFederate > Administration.
  2. Enter the Host name or IP address for access to the PingFederate administrative API.
  3. Enter the Port number for access to the PingFederate runtime.
  4. If necessary, enter the Base Path for the PingFederate runtime.

    The Base Path must start with a slash (/).

  5. Enter the Admin Username.

    This username only requires Auditor (read-only) permissions in PingFederate.

  6. Enter the Admin Password.
  7. To log information about the transaction to the audit store, select Audit.

    PingAccess audit logs record a selected subset of transaction log information at runtime and are located in the /logs directory of your PingAccess installation.

  8. Enable Secure if PingFederate is expecting HTTPS connections.
  9. From the Trusted Certificate Group list, select the group of certificates to use when authenticating to PingFederate.

    PingAccess requires the certificate in use by PingFederate anchor to a certificate in the associated Trusted Certificate Group. This field is available only if you enable Secure.

  10. Optional: To configure advanced settings, click Show Advanced.
    1. Select Skip Hostname Verification to not perform hostname verification of the certificate.
    2. Enter an Expected Certificate Hostname to verify the certificate with the specified name instead of the Host name.
    3. To use a configured proxy for API requests, select the Use Proxy check box.

      If the node is not configured with a proxy, requests are made directly to PingFederate.

  11. Click Save.

    To view OpenID Connect (OIDC) metadata provided by the token provider, click View Metadata after saving the token provider configuration.