PingAccess supplies templates to provide information to the end user. These template
pages use the Velocity template engine, an open-source Apache project, and are located in the
You can modify most of these pages in a text editor to suit the particular branding and informational needs of your PingAccess installation. Cascading style sheets and images for these pages are included in the <PA_HOME>/conf/static/pa/assets subdirectory. Each page contains both Velocity constructs and standard HTML. The Velocity engine interprets the commands embedded in the template page before the HTML is rendered in the user’s browser. At runtime, the PingAccess server supplies values for the Velocity variables used in the template.
If you have modified the reserved application context root using the PingAccess Admin
API, file system requests to the configured reserved application context root will be
/pa. This allows the file system behavior for
PingAccess resources to remain unchanged. Thus, if the reserved context root is set
/ping, templates and other resources would still be stored on the
file system in the
/pa directory, as indicated by this document.
The features documented here are affected by the settings in the configuration file. See the Configuration file reference for more information.
||The browser tab title for the
message. For example,
||The header for the message.
||The information for the
message. For example,
||A value that identifies the request/response pair. This can be used to locate messages in the PingAccess logs.|
||A value that identifies either the tracking
ID, identified with a
Customizable page templates
At runtime, the user's browser is directed to the appropriate page, depending on the operation being performed and where the related condition occurs. For example, if rule evaluation fails, the user's browser is directed to the policy error-handling page. The following table describes each template.
|Template File Name||Purpose||Type||Action|
|admin.error.page.template.html||Indicates an error occurred while the admin console was processing a request||Error||Consult <PA_HOME>/log/pingaccess.log to determine the underlying cause of the issue.|
|general.error.page.template.html||Indicates that an unknown error has occurred and provides an error message.||Error||Consult <PA_HOME>/log/pingaccess.log to determine the underlying cause of the issue.|
|general.loggedout.page.template.html||Displayed when a user logs out of PingAccess.||Normal||User should close the browser.|
|oauth.error.json||Indicates that rule evaluation has failed and provides an optional error message. To customize this information, see Error-Handling Fields for OAuth rules documentation.||Normal||If necessary, consult the audit logs in <PA_HOME>/log for details about why the policy denied the request.|
|policy.error.page.template.html||Indicates that rule evaluation has failed and provides an optional error message. To customize this information, see Error-Handling Fields for rules documentation.||Normal||If necessary, consult the audit logs in <PA_HOME>/log for details about why the policy denied the request.|
The templates stored in <PA_HOME>/conf/template/system are system templates. Do not modify these templates directly unless directed by Ping. This table shows the purpose and associated action, if any, for each of these files.
|admin.loggedout.page.template.html||Displayed when a user completes a single logout (SLO) initiated from the PingAccess admin console.||Normal||The user's session at the identity provider (IdP) and the PingAccess administrative console has been terminated.|
|agent.bootstrap.template.properties||Used to generate the agent.properties file for an agent.||Normal||None|
|engine.bootstrap.template.properties||Used to generate the bootstrap.properties file for an engine.||Normal||None|
|fragment.preservation.request.html||Used to preserve the fragment from the requested URL in client-side storage during a PingAccess OpenID Connect (OIDC) sign-on flow.||Normal||None|
|fragment.preservation.response.html||Used to restore the fragment from client-side storage for the originally requested URL when a PingAccess OIDC sign-on flow has completed.||Normal||None|
|invalid.token.json||Used to challenge a user agent for authentication when the user-agent
specifies an Accept header field containing
||Normal||The user agent interacts with the end user to obtain an OAuth token.|
|post.preservation.request.html||Used to preserve the HTML form data from a POST request in client-side storage during a PingAccess OIDC sign-on flow.||Normal||None|
|post.preservation.response.encoded.html||Used to submit encrypted HTML form data to PingAccess from a previously preserved POST request when a PingAccess OIDC sign-on flow completes.||Normal||None|
|post.preservation.response.html||Used to reconstruct an HTML form to resubmit restored POST data when a PingAccess OIDC sign-on flow completes.||Normal||None|
|redirect.response.html||Used to redirect a browser to the token provider for authentication.||Normal||None|
|replica.bootstrap.template.properties||Used to generate the bootstrap.properties file for a replica admin.||Normal||None|
|site.authenticator.rst.xml||Used to produce a request to send to the PingFederate security token service (STS) endpoint to exchange a PingAccess cookie or OAuth token for a Web Access Management (WAM) token.||Normal||None|
|unauthorized.response.html||Used to produce a challenge for authentication to an OAuth client running in a browser-based application.||Normal||None|