Configure a secure connection to the PingFederate runtime in PingAccess.
Before configuring a secure connection to the PingFederate runtime, export the PingFederate certificate and import it into a trusted certificate group in PingAccess. Perform the following steps:
- In PingFederate, export the certificate active for the runtime server. See SSL Server Certificates in the PingFederate Administrator's Manual for more information.
- Import the certificate into PingAccess.
- Create a Trusted Certificate Group if one does not already exist.
- Add the certificate to a Trusted Certificate Group.
For information on configuring PingFederate as an OAuth authorization server, see Enabling the OAuth AS and Authorization Server Settings in the PingFederate documentation.
After you save the PingFederate runtime connection, PingAccess tests the connection to PingFederate. If the connection cannot be made, an error displays in the administrative interface and the PingFederate runtime configuration is not saved.
The steps that display depend on your environment. In a new deployment, some of the PingFederate configuration information is imported automatically from the PingFederate well-known endpoint. If you upgrade from PingAccess 5.2 or earlier and have an existing token provider configuration, this information is provided manually. If you perform an upgrade and want to see the new version of this page, configure the token provider using the /pingfederate/runtime API endpoint. For more information, see Administrative API Endpoints.
Configuring PingFederate as a token provider using the /pingfederate/runtime endpoint overwrites the existing PingFederate configuration.
After you successfully configure the token provider, click View Metadata to display the metadata provided by the token provider. To update the metadata, click Refresh Metadata.
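A sanity check for the metadata shown by View Metadata, as an added example that is not part of the PingAccess documentation. It assumes the metadata is an OpenID Connect discovery document; the host names and sample documents are constructed.

```python
from urllib.parse import urlsplit

# Field names are standard OpenID Connect discovery names
# (assumption: the token provider metadata uses that format).
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
                 "introspection_endpoint", "userinfo_endpoint")
REQUIRED_KEYS = ("issuer", "jwks_uri")


def check_metadata(expected_issuer, metadata):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for key in REQUIRED_KEYS:
        if not metadata.get(key):
            findings.append(f"missing required field: {key}")

    issuer = metadata.get("issuer", "")
    # Discovery requires an exact string match, so no normalisation is applied.
    if issuer and issuer != expected_issuer:
        findings.append(f"issuer mismatch: got {issuer!r}")

    expected_host = urlsplit(expected_issuer).hostname
    for key in ENDPOINT_KEYS:
        value = metadata.get(key)
        if not value:
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{key} is not https: {value}")
        if url.hostname != expected_host:
            # May be legitimate, but the trusted certificate group must cover this host too.
            findings.append(f"{key} is on a different host: {url.hostname}")
    return findings

# Constructed sample metadata (hypothetical hosts), not output from a real server.
GOOD = {
    "issuer": "https://pf.example.com:9031",
    "authorization_endpoint": "https://pf.example.com:9031/as/authorization.oauth2",
    "token_endpoint": "https://pf.example.com:9031/as/token.oauth2",
    "jwks_uri": "https://pf.example.com:9031/pf/JWKS",
}
BAD = dict(GOOD, issuer="https://pf.example.com:9031/",
           token_endpoint="http://pf.example.com:9031/as/token.oauth2",
           jwks_uri="https://keys.example.net/pf/JWKS")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_metadata("https://pf.example.com:9031", doc) or "ok")
```

Running the check again after Refresh Metadata shows whether the issuer or any endpoint host has changed since the connection was saved.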
After you save this configuration and complete Configuring OAuth resource servers, a PingFederate access validator is available for selection when you define OAuth-type rules in Policy Manager.