Configure PingFederate as the token provider for PingAccess - PingAccess - 7.0

PingAccess
bundle
pingaccess-70
ft:publication_title
PingAccess
Product_Version_ce
PingAccess 7.0
category
Product
pa-70
pingaccess
ContentType_ce
  • PingAccess
  • Release Notes
  • PingAccess Release Notes
  • Release Notes
  • PingAccess 7.0.6 - September 2022
  • PingAccess 7.0.5 - August 2022
  • PingAccess 7.0.4 - May 2022
  • PingAccess 7.0.3 - January 2022
  • PingAccess 7.0.2 - December 2021
  • PingAccess 7.0.1 - December 2021
  • PingAccess 7.0 - December 2021
  • Known issues and limitations
  • Previous Releases
  • Deprecated Features
  • PingAccess Use Cases
  • Protecting a web application with PingAccess in a gateway deployment
  • Configuring a virtual host
  • Configuring a site
  • Configuring a web session
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Protecting an API with PingAccess in a gateway deployment
  • Configuring a virtual host
  • Configuring a site
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Configuring a resource
  • Protecting a web application with PingAccess in an agent deployment
  • Configuring a virtual host
  • Configuring a web session
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Protecting an API with PingAccess in an agent deployment
  • Configuring a virtual host
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Configuring a resource
  • Protecting an API with PingAccess in a sideband deployment
  • Configuring a virtual host
  • Configuring a rule
  • Configuring an identity mapping
  • Configuring an application
  • Configuring a resource
  • Introduction to PingAccess
  • PingAccess for Azure AD
  • What can I do with PingAccess?
  • How does PingAccess work?
  • WAM session initiation
  • Token mediation
  • What can I configure with PingAccess?
  • How do I choose a deployment model?
  • Gateway model
  • Agent model
  • Sideband model
  • Installing and Uninstalling PingAccess
  • Installation requirements
  • System requirements
  • Hardware requirements
  • Port requirements
  • Installing PingAccess on Linux
  • Installing PingAccess on Windows using the installer
  • Installing PingAccess on Windows from the command line
  • Starting PingAccess
  • Accessing the administrative console for the first time
  • Accessing the PingAccess administrative API
  • Accessing the interactive administrative API documentation
  • Changing configuration database passwords
  • Stopping PingAccess
  • Running PingAccess as a service
  • Configuring PingAccess to run as a Linux systemv service
  • Configuring PingAccess to run as a Linux systemd service
  • Configuring multiple instances of PingAccess as Linux services
  • Removing the PingAccess Linux service
  • Configuring PingAccess to run as a Windows service
  • Configuring PingAccess to run as a Windows service from the command line
  • Removing the PingAccess Windows service
  • Uninstalling PingAccess
  • Backing up and restoring PingAccess
  • Backing up and restoring PingAccess using a .zip archive
  • Backing up PingAccess using a .zip archive
  • Restoring PingAccess using a .zip archive
  • Backing up and restoring PingAccess using a JSON file
  • Backing up PingAccess using a JSON file
  • Restoring PingAccess using a JSON file
  • Upgrading PingAccess
  • Upgrade Guide
  • Upgrade considerations
  • Upgrading your environment
  • Upgrading a PingAccess standalone version using the upgrade utility
  • PingAccess standalone upgrade parameters
  • Upgrading a PingAccess cluster using the upgrade utility
  • PingAccess cluster upgrade parameters
  • Upgrading PingAccess using the Windows installer
  • Upgrading a PingAccess standalone version using the incremental update package
  • Upgrading a PingAccess cluster using the incremental update package
  • Performing post-upgrade tasks
  • Restoring a PingAccess configuration backup
  • Upgrade Troubleshooting
  • Upgrade utility configuration file reference
  • Zero Downtime Upgrade
  • PingAccess zero downtime upgrade
  • Disabling key rolling
  • Disabling key rolling in PingAccess 6.0 or later
  • Disabling key rolling in PingAccess 5.2 or 5.3
  • Disabling key rolling in PingAccess 5.0 or 5.1
  • Disabling key rolling in PingAccess 4.3 or earlier
  • Upgrading the administrative node
  • Upgrading the replica administrative node
  • Upgrading engines
  • Removing the engine from the load balancer configuration
  • Upgrading the engine
  • Resuming configuration replication
  • Adding the engine to the load balancer configuration
  • Enabling key rolling
  • Recovering from a failed upgrade
  • Configuring and Customizing PingAccess
  • Session management configuration
  • Server-side session management configuration
  • Configuring PingFederate for session management
  • Configuring PingFederate for user-initiated single logout
  • Configuring PingAccess for server-side session management
  • Logging configuration
  • Security audit logging
  • Logging
  • Configuring log levels
  • Configuring class or package log levels
  • Enabling cookie logging
  • Garbage collection logging
  • Agent inventory logging
  • Appending log messages to syslog and the console
  • Log traffic for troubleshooting
  • Enabling API audit traffic logging
  • Enabling engine traffic logging
  • Enabling agent traffic logging
  • Enabling sideband traffic logging
  • Enabling sideband client traffic logging
  • Traffic logging reference
  • Other logging formats
  • Writing logs to databases
  • Writing audit logs for Splunk
  • Customize and Localize PingAccess
  • User-facing page customization reference
  • User-facing page localization reference
  • Federal Information Processing Standards (FIPS) Mode
  • Viewing FIPS Mode Status in the User Interface
  • Viewing FIPS Mode Status in Audit Logs
  • Feature changes in FIPS Mode
  • Enabling FIPS Mode
  • Disabling FIPS Mode
  • Configuring PingAccess to use Amazon Key Management Services
  • Reference Guides
  • PingAccess API endpoints
  • Heartbeat endpoint
  • OpenID Connect endpoints
  • Authentication Token Management endpoint
  • OAuth endpoint
  • Administrative API endpoints
  • Clustering in PingAccess
  • Configuring a PingAccess cluster
  • Manually promoting the replica administrative node
  • Reinstating a replica administrative node after failing over
  • Configuration file reference
  • PingAccess deployment guide
  • Use cases and deployment architecture
  • Deploy for gateway web access management
  • Deploy for agent web access management
  • Deploy for gateway API access management
  • Deploy for sideband API access management
  • Deploy for auditing and proxying
  • Configuration by use case
  • Web Access Management Gateway deployment table
  • Web Access Management Agent deployment table
  • API Access Management Gateway deployment table
  • Auditing and proxying Gateway deployment table
  • Web Access Management
  • Choose between an agent or gateway deployment
  • Web Access Management Gateway proof of concept deployment architecture
  • Web Access Management Gateway production deployment architecture
  • Web Access Management Agent proof of concept deployment architecture
  • Web Access Management Agent production deployment architecture
  • API access management proof of concept deployment architecture
  • API access management production deployment architecture
  • Auditing and proxying proof of concept deployment architecture
  • Auditing and proxying production deployment architecture
  • Groovy in PingAccess
  • Groovy Scripts
  • Body object reference
  • Exchange object reference
  • Headers object reference
  • Identity object reference
  • JsonNode object reference
  • Logger object reference
  • MediaType object reference
  • Method object reference
  • OAuth Token object reference
  • PolicyContext object reference
  • Request object reference
  • Response object reference
  • SslData object reference
  • Groovy script examples
  • Matcher usage reference
  • Performance tuning
  • Java tuning
  • Configuring JVM crash log in Java startup
  • Configuring memory dumps in Java startup
  • Modifying the Java heap size
  • Operating system tuning
  • Linux tuning
  • Tuning network and TCP settings
  • Increasing file descriptor limits (systemv)
  • Increasing file descriptor limits (systemd)
  • Windows tuning
  • Increasing the number of available ephemeral ports
  • Reducing the socket TIME_WAIT delay
  • Garbage collector configuration reference
  • Configuring acceptor threads
  • Configuring worker threads
  • Backend server connections
  • Logging and Auditing
  • Logging
  • Auditing
  • Agent tuning reference
  • PingAccess User Interface Reference Guide
  • Applications header
  • Applications
  • Applications operations
  • Adding an application
  • Application field descriptions
  • Editing an application
  • Deleting an application
  • Authentication challenge responses
  • Application resources
  • Configuring resource ordering in PingAccess
  • Adding application resources
  • Path patterns reference
  • Applying rules to applications and resources
  • Global unprotected resources
  • Adding global unprotected resources
  • Editing global unprotected resources
  • Deleting global unprotected resources
  • Redirects
  • Adding a redirect
  • Editing a redirect
  • Deleting a redirect
  • Virtual hosts
  • Creating new virtual hosts
  • Configuring virtual host trusted certificate groups
  • Editing virtual hosts
  • Deleting virtual hosts
  • Sites
  • Sites operations
  • Adding sites
  • Editing sites
  • Deleting sites
  • Site field descriptions
  • Site authenticators
  • Adding site authenticators
  • Editing site authenticators
  • Deleting site authenticators
  • Basic authentication site authenticators
  • Mutual TLS site authenticators
  • Token mediator site authenticators
  • Third-party services
  • Adding third-party services
  • Editing third-party services
  • Deleting third-party services
  • Third-party service field descriptions
  • Agents
  • Assigning agent listener key pairs
  • Adding agents
  • Editing agents
  • Deleting agents
  • Agent field descriptions
  • Sideband Clients
  • Adding sideband clients
  • Editing sideband clients
  • Deleting sideband clients
  • Access header
  • Rules
  • Rule Management
  • Creating access control rules
  • Adding an authentication requirements rule
  • Adding Groovy script rules
  • Adding HTTP request header rules
  • Adding HTTP request parameter rules
  • Adding network range rules
  • Adding OAuth attribute rules
  • Adding OAuth client rules
  • Adding OAuth Groovy script rules
  • Adding OAuth scope rules
  • Adding one-time authorization rules
  • Adding PingAuthorize access control rules
  • Adding rate limiting rules
  • Adding redirect rules
  • Adding rejection rules
  • Adding time range rules
  • Adding web session attribute rules
  • Adding web session scope rules
  • Configuring access token attributes for superuser scope in PingFederate
  • Adding WebSocket handshake rules
  • Creating processing rules
  • Adding a cross-origin request rule
  • Adding OAuth token cache time to live rules
  • Adding PingAuthorize response filtering rules
  • Rewrite rules overview
  • Adding rewrite content rules
  • Rewrite content rule examples
  • Adding rewrite cookie domain rules
  • Adding rewrite cookie path rules
  • Adding rewrite response header rules
  • Adding rewrite URL rules
  • Rewrite URL rule configuration examples
  • Editing rules
  • Deleting rules
  • Rule sets
  • Adding rule sets
  • Editing rule sets
  • Deleting rule sets
  • Rule set groups
  • Adding rule set groups
  • Editing rule set groups
  • Deleting rule set groups
  • Rejection handlers
  • Creating rejection handlers
  • Editing rejection handlers
  • Deleting rejection handlers
  • Authentication
  • Configuring authentication challenge policies
  • Editing authentication challenge policies
  • Deleting authentication challenge policies
  • Configuring authentication requirements lists
  • Editing authentication requirements lists
  • Deleting authentication requirements lists
  • Identity mappings
  • Creating header identity mappings
  • Creating JWT identity mappings
  • Creating web session access token identity mappings
  • Editing identity mappings
  • Deleting identity mappings
  • Configuring auth token management
  • Web sessions
  • Configuring web session management settings
  • Creating web sessions
  • OpenID Connect login types
  • Editing web sessions
  • Deleting web sessions
  • Token validation
  • Adding access token validators
  • Editing access token validators
  • Deleting access token validators
  • Configuring OAuth key management settings
  • Unknown resources
  • Configuring unknown resource management
  • Configuring agent defaults
  • Security header
  • Certificates
  • Importing certificates
  • Deleting certificates
  • Creating trusted certificate groups
  • Adding certificates to trusted certificate groups
  • Editing trusted certificate groups
  • Removing certificates from trusted certificate groups
  • Deleting trusted certificate groups
  • Key pairs
  • Importing existing key pairs
  • PEM-encoded format
  • Generating new key pairs
  • Managing certificates for key pairs with ACME
  • Downloading certificates
  • Generating certificate signing requests
  • Importing certificate signing request responses
  • Assigning key pairs to virtual hosts
  • Assigning key pairs to HTTPS listeners
  • HTTPS listeners
  • Adding certificates to key pairs
  • Removing certificates from key pairs
  • Deleting key pairs
  • Hardware security module providers
  • Adding an AWS CloudHSM provider
  • Adding a Safenet Luna provider
  • Editing an HSM provider
  • Deleting an HSM provider
  • Settings header
  • Clustering
  • Engines
  • Configuring engine nodes
  • Editing engine nodes
  • Revoking access from an engine node
  • Removing engine nodes
  • Administrative nodes
  • Configuring administrative nodes
  • Configuring replica administrative nodes
  • HTTP requests
  • Configuring alternative IP source headers
  • Configuring alternative host source headers
  • Configuring alternative protocol source headers
  • Networking
  • Availability profiles
  • Creating availability profiles
  • Editing availability profiles
  • Deleting availability profiles
  • Engine listeners
  • Defining engine listeners
  • Editing engine listeners
  • Deleting engine listeners
  • Load balancing strategies
  • Configuring load balancing strategies
  • Editing load balancing strategies
  • Deleting load balancing strategies
  • Proxies
  • Adding proxies
  • Editing proxies
  • Deleting proxies
  • Admin authentication
  • Configuring basic authentication
  • Changing the password for basic authentication
  • Configuring API authentication
  • Configuring admin UI SSO authentication
  • Preparing to configure admin UI SSO authentication
  • Configuring admin UI SSO authentication
  • Configuring session properties
  • Configuring an admin token provider
  • System
  • Configuration export/import
  • Exporting PingAccess configurations
  • Importing PingAccess configurations
  • License
  • Uploading PingAccess licenses
  • Token provider
  • PingFederate
  • PingFederate runtime
  • Configuring a standard PingFederate runtime
  • Configure a standard PingFederate runtime (original workflow)
  • Configuring a proxied PingFederate runtime
  • Configuring PingFederate administration
  • Configuring OAuth resource servers
  • PingFederate for PingAccess SSO configuration
  • PingOne
  • Configuring PingOne
  • Common token provider
  • Configuring OpenID Connect
  • Creating Azure AD Graph API applications
  • Configuring token provider-specific options
  • Configuring OAuth authorization servers
  • Environment
  • Changing the Environment Name
  • Agents and Integrations
  • PingAccess Agent for Apache (RHEL)
  • System requirements
  • Installing on RHEL 7
  • Manually Installing on RHEL 7
  • Installing on RHEL 8
  • Manually Installing on RHEL 8
  • Manually installing on an IBM HTTP Server
  • Uninstalling the RHEL agent
  • Configuration
  • Log configuration
  • Rotating a CA
  • Troubleshooting
  • Release Notes
  • PingAccess Agent for Apache (SLES)
  • System requirements
  • Installing on SLES
  • Uninstalling on SLES
  • Configuration
  • Log Configuration
  • Rotating a CA
  • Troubleshooting
  • Release Notes
  • PingAccess Agent for Apache (Windows)
  • System requirements
  • Installing on Windows
  • Uninstalling on Windows
  • Configuration
  • Log configuration
  • Rotating a CA
  • Release notes
  • PingAccess Agent for IIS
  • System Requirements
  • Installing on IIS
  • Manually Installing on IIS
  • Uninstalling on IIS
  • Configuration
  • Log Configuration
  • Rotating a CA
  • Troubleshooting
  • Validating the IIS Configuration
  • Manually removing agents on IIS
  • Release Notes
  • PingAccess Agent for NGINX
  • System Requirements
  • Installing on NGINX
  • Uninstalling on NGINX
  • Configuration
  • Rotating a CA
  • Release Notes
  • PingAccess Agent Protocol
  • PingAccess agent protocol flow
  • PAAP client request
  • PAAP agent request
  • PAAP agent response
  • PAAP modified client request
  • PAAP client response
  • PingAccess Agent SDK for C
  • Introduction
  • Getting Started with the PingAccess Agent SDK for C
  • Agent SDK for C directory structure
  • Agent SDK for C sample code
  • Release notes
  • PingAccess Agent SDK for Java
  • Introduction
  • Agent SDK directory structure
  • Agent SDK prerequisites
  • Installing the servlet filter sample
  • Release Notes
  • PingAccess Add-on SDK for Java
  • Get started with the SDK
  • SDK directory structure
  • SDK prerequisites
  • Installing the SDK samples
  • Create your own plugins
  • Integrate with third-party services
  • Implementation guidelines
  • PingAccess Add-On SDK for Java Migration Guide
  • com.pingidentity.pa.sdk.http
  • com.pingidentity.pa.sdk.identity
  • com.pingidentity.pa.sdk.identitymapping.header
  • com.pingidentity.pa.sdk.policy
  • com.pingidentity.pa.sdk.services
  • com.pingidentity.pa.sdk.siteauthenticator
  • com.pingidentity.pa.sdk.ui
  • com.pingidentity.pa.sdk.user
  • com.pingidentity.pa.sdk.util
  • iovation FraudForce Integration
  • Installing the iovation FraudForce integration
  • Creating iovation FraudForce device profiling rules
  • Creating Iovation FraudForce authorization rules
  • Logging iovation events
  • Improving iovation accessibility using a reverse proxy
  • Token Providers
  • Configure PingFederate as the token provider for PingAccess
  • Configure PingFederate for PingAccess connectivity
  • Enabling PingFederate roles and protocols
  • Creating a password credential validator
  • Configuring an IdP adapter
  • Defining the default scope
  • Creating an access token manager
  • Configuring an IdP adapter mapping
  • Configuring an access token mapping
  • Creating an OpenID Connect policy
  • Creating a resource server client
  • Creating a web session client
  • Creating and exporting a certificate
  • Connect PingAccess to PingFederate
  • Importing certificates and creating a trusted certificate group
  • Configuring the token provider
  • Use the PingAccess QuickStart utility
  • Installing and configuring QuickStart components
  • Connecting the QuickStart utility to PingAccess and PingFederate
  • Using sample applications
  • Sample app reference
  • Viewing apps without access control
  • Restoring PingFederate or PingAccess
  • Protect applications using PingAccess and PingOne for Customers
  • Configuring PingAccess to use PingOne for Customers as the token provider
  • Configuring a PingAccess application
  • PingAccess for Azure AD
  • Get started with PingAccess for Azure AD
  • Configuring PingAccess to use Azure AD as the token provider
  • Configuring PingAccess applications for Azure
  • Configuring applications for dual access with PingAccess for Azure AD
  • PingAccess Monitoring Guide
  • Liveliness and responsiveness
  • Resource metrics
  • Connecting with JMX
  • Connecting to a local process
  • Connecting to a remote process
  • Monitoring
  • Logging, reporting, and troubleshooting
  • Creating an error-only server log
  • Splunk audit log
  • Troubleshooting
  • Administrative SSO lockout
  • Editing run.properties to disable SSO
  • Using the admin API to disable SSO
  • Using the admin API and a new token to disable SSO
  • Collecting support data
  • Minimizing the PingAccess cookie size
Page created: 26 Jul 2021 |
Page updated: 14 Jan 2022
| 1 min read

7.0 PingAccess Product IT Administrator Administrator Audience Product documentation Content Type Configuration User task

This section explains how to manually configure PingAccess and PingFederate to work together, with PingAccess as the access manager and PingFederate as the token provider.

For more information, see the following topics:

  • Configure PingFederate for PingAccess connectivity
  • Connect PingAccess to PingFederate

The features documented here are affected by the settings in the configuration file. See the Configuration file reference for more information.

Back to home page