Configuring PingFederate for user-initiated single logout - PingAccess - 7.0

PingAccess

bundle
pingaccess-70
ft:publication_title
PingAccess
Product_Version_ce
PingAccess 7.0
category
Product
pa-70
pingaccess
ContentType_ce

Configure PingFederate to provide PingAccess with access to the PingFederate-managed session.

  1. Sign on to the PingFederate administrative console.
  2. Go to System > OAuth Settings > Authorization Server Settings.
  3. Select Track User Sessions for Logout.
  4. Click Save.
  5. Select an OpenID Connect policy.
    • If you are using PingFederate 10.0 or earlier, go to System > OAuth Settings > OpenID Connect Policy Management and click an existing policy.
    • If you are using PingFederate 10.1 or later, go to Applications > OAuth > OpenID Connect Policy Management and click an existing policy.
  6. On the Manage Policy tab, select Include Session Identifier in ID Token.

    For more information about configuring an OpenID Connect Policy, see Configuring OpenID Connect Policies in the PingFederate Administrator's Manual.

  7. Click Save.
  8. Select the client to be used by PingAccess.
    • If you are using PingFederate 10.0 or earlier, go to System > OAuth Settings > Client Management and select the client to be used by PingAccess.
    • If you are using PingFederate 10.1 or later, go to Applications > OAuth > Clients and select the client to be used by PingAccess.
  9. In the OpenID Connect section of the client's configuration page, select PingAccess Logout Capable.
    Tip:

    If this option is not available, ensure that the Track User Sessions for Logout setting change made in step 3 was saved.

  10. Click Save.