Page created: 26 Jul 2021 | Page updated: 14 Jan 2022
Product: PingAccess 7.0 | Audience: IT Administrator, Administrator | Content Type: Product documentation | Capability: Web Access Management, Access security
A web session specifies the details of how user information is stored.
For more information about this procedure, including optional steps that are not included here, see Creating web sessions.
- Click Access and then go to Web Sessions > Web Sessions.
- Click + Add Web Session.
- In the Name field, enter a unique name for the web session, up to 64 characters, including special characters and spaces.
- From the Cookie Type list, select Encrypted JWT.
- In the Audience field, enter the audience that the PA token is applicable to, represented as a short, unique identifier between one and 32 characters.

  Note: PingAccess rejects requests that contain a PA token with an audience that differs from what is configured in the web session associated with the target application.
- From the OpenID Connect Login Type list, select Code.

  Note: The Code login type is recommended for maximum security and standards interoperability, but other options are available. For information on the available profiles, see OpenID Connect login types.
- In the Client ID field, enter the unique identifier (client ID) that was assigned when you created the OAuth Relying Party client within the token provider (for more information, see Configuring a Client in the PingFederate documentation).
- Select a Client Credentials Type. This is required when configuring the Code login type.
  - Secret
  - Mutual TLS
  - Private Key JWT

  Info: The OAuth client you use with PingAccess web sessions must have an OpenID Connect policy specified (for more information, see Configuring OpenID Connect Policies).
- Provide the information required for the selected credential type.
  - Secret – Enter the Client Secret assigned when you created the OAuth relying party client in the token provider.
  - Mutual TLS – Select a configured Key Pair to use for Mutual TLS client authentication.
  - Private Key JWT – No additional information is required.
- In the Idle Timeout field, specify the amount of time, in minutes, that the PA token remains active when no user activity is detected (the default is 60 minutes).

  Info: If there is an existing valid PingFederate session for the user, an idle timeout of the PingAccess session might result in its re-establishment without forcing the user to sign on again.
- In the Max Timeout field, specify the amount of time, in minutes, that the PA token remains active before expiring (the default is 240 minutes).
- Click Save.
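
The audience check and the two timeouts configured in this procedure interact as modeled below. This is an added illustration, not PingAccess code: the class and field names, the minute-based clock, the order of the checks, and the boundary comparison are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class WebSession:
    """Settings from the procedure above (field names are hypothetical)."""
    audience: str
    idle_timeout_min: int = 60    # default stated in the procedure
    max_timeout_min: int = 240    # default stated in the procedure

    def __post_init__(self):
        # The Audience field accepts between one and 32 characters.
        if not 1 <= len(self.audience) <= 32:
            raise ValueError("audience must be 1-32 characters")

@dataclass(frozen=True)
class Token:
    """Constructed stand-in for a PA token; times are minutes on one clock."""
    audience: str
    issued_at: int
    last_activity: int

def evaluate(session: WebSession, token: Token, now: int) -> str:
    """Return 'allow' or the reason the token is not accepted."""
    # A token minted for another web session's audience is rejected outright.
    if token.audience != session.audience:
        return "reject: audience mismatch"
    # Max Timeout is measured from issuance; activity does not extend it.
    if now - token.issued_at >= session.max_timeout_min:
        return "expired: max timeout"
    # Idle Timeout is measured from the last request seen for this token.
    if now - token.last_activity >= session.idle_timeout_min:
        return "expired: idle timeout"
    return "allow"

if __name__ == "__main__":
    hr = WebSession(audience="hr-app")
    samples = [  # constructed tokens, evaluated at minute 250
        Token("hr-app", issued_at=100, last_activity=240),
        Token("hr-app", issued_at=100, last_activity=150),
        Token("hr-app", issued_at=0, last_activity=245),
        Token("finance-app", issued_at=240, last_activity=249),
    ]
    for t in samples:
        print(t, "->", evaluate(hr, t, now=250))
```

The third sample shows why Max Timeout matters even for an active user: recent activity keeps the idle clock fresh but cannot carry a token past its maximum lifetime.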