Note:

Direction refers to the direction of requests relative to PingAccess. Inbound requests are requests received by PingAccess from external components. Outbound requests are requests sent by PingAccess to external components.

Service Port details Source Description

PingAccess administrative console

  • Protocol: HTTPS
  • Transport: TCP
  • Default port: 9000
  • Destination: PingAccess admin console
  • Direction: Inbound

PingAccess administrator browser, PingAccess administrative API REST calls, PingAccess replica admin and clustered engine nodes

Used for incoming requests to the PingAccess administrative console. Configurable using the admin.port property in the run.properties file. For more information, see the Configuration file reference guide. This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API.

PingAccess cluster communications port

  • Protocol: HTTPS
  • Transport: TCP
  • Default port: 9090
  • Destination: PingAccess admin console
  • Direction: Inbound

PingAccess administrator browser, PingAccess administrative API REST calls, PingAccess replica admin and clustered engine nodes

Used for incoming requests where the clustered engines request their configuration data. Configurable using the clusterconfig.port property in the run.properties file. For more information, see the Configuration file reference guide. This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API.

PingAccess engine

  • Protocol: HTTP/HTTPS
  • Transport: TCP
  • Default port: 3000*
  • Destination: PingAccess engine
  • Direction: Inbound

Client browser, mobile devices, PingFederate engine

Used for incoming requests to the PingAccess runtime engine. Configurable using the Listeners configuration page. For more information, see the PingAccess user interface reference guide.

PingAccess agent

  • Protocol: HTTP/HTTPS
  • Transport: TCP
  • Default port: 3030
  • Destination: PingAccess engine
  • Direction: Inbound

PingAccess agent

Used for incoming Agent requests to the PingAccess runtime engine. Configurable using the agent.http.port property of the run.properties file. For more information, see the Configuration file reference guide.

PingFederate traffic

  • Protocol: HTTPS
  • Transport: TCP
  • Default port: 9031
  • Destination: PingFederate
  • Direction: Outbound

PingAccess engine

Used to validate OAuth access tokens, ID tokens, make security token service (STS) calls for identity mediation, and return authorized information about a user. Configurable using the PingFederate Settings page within PingAccess. For more information, see the PingAccess user interface reference guide.

PingAccess cluster traffic

  • Protocol: JGroups
  • Transport: TCP
  • Default port: 7610
  • Destination: PingAccess engine
  • Direction: Inbound

PingAccess engine

Used for communications between engine nodes in a cluster. Configurable using the run.properties file. For more information, see the Configuration file reference guide.

PingAccess cluster traffic

  • Protocol: JGroups
  • Transport: TCP
  • Default port: 7710
  • Destination: PingAccess engine
  • Direction: Inbound

PingAccess engine

Used by other nodes in the cluster as part of the cluster's failure-detection mechanism. Configurable using the run.properties file. For more information, see the Configuration file reference guide.

PingAccess cluster traffic

  • Protocol: JGroups
  • Transport: UDP
  • Default port: 7500
  • Destination: PingAccess engine
  • Direction: Inbound

PingAccess engine

Used by other nodes in the same cluster to share information. Configurable using the run.properties file. For more information, see the Configuration file reference guide.

Note:

In addition to port 3000, additional engine listener ports defined in the configuration must be open as well.