PingAccess uses ports and protocols to communicate with external components. This information provides guidance for firewall administrators to ensure that the correct ports are available across network segments.

Note:

Direction refers to the direction of requests relative to PingAccess:

Inbound requests
Requests that PingAccess receives from external components.
Outbound requests
Requests that PingAccess sends to external components.
Service Port details Source Description

PingAccess administrative console

  • Protocol: HTTPS
  • Transport: TCP
  • Default port: 9000
  • Destination: PingAccess admin console
  • Direction: Inbound

PingAccess administrator browser, PingAccess administrative APIapplication programming interface (API) A specification of interactions available for building software to access an application or service. REST calls, PingAccess replica admin and clustered engine nodes

Used for incoming requests to the PingAccess administrative console. Configurable using the admin.port property in the run.properties file. For more information, see the Configuration file reference guide.

This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API.

PingAccess cluster communications port

  • Protocol: HTTPS
  • Transport: TCP
  • Default port: 9090
  • Destination: PingAccess admin console
  • Direction: Inbound

PingAccess administrator browser, PingAccess administrative API REST calls, PingAccess replica admin and clustered engine nodes

Used for incoming requests where the clustered engines request their configuration data. Configurable using the clusterconfig.port property in the run.properties file. For more information, see the Configuration file reference guide.

This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API.

PingAccess engine

  • Protocol: HTTP/HTTPS
  • Transport: TCP
  • Default port: 3000*
    Note:

    Any additional engine listener ports defined in the configuration must be open as well.

  • Destination: PingAccess engine
  • Direction: Inbound

Client browser, mobile devices, PingFederate engine

Used for incoming requests to the PingAccess runtime engine. Configurable using the Listeners configuration page. For more information, see the PingAccess user interface reference guide.

PingAccess agent

  • Protocol: HTTP/HTTPS
  • Transport: TCP
  • Default port: 3030
  • Destination: PingAccess engine
  • Direction: Inbound

PingAccess agent

Used for incoming Agent requests to the PingAccess runtime engine. Configurable using the agent.http.port property of the run.properties file. For more information, see the Configuration file reference guide.

PingFederate traffic

  • Protocol: HTTPS
  • Transport: TCP
  • Default port: 9031
  • Destination: PingFederate
  • Direction: Outbound

PingAccess engine

Used to validate OAuthOAuth A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server. access tokensaccess token A data object by which a client authenticates to a resource server and lays claim to authorizations for accessing particular resources. and ID tokens, make Security Token Service (STS)Security Token Service (STS)STS An entity responsible for responding to WS-Trust requests for validation and issuance of security tokens used for SSO authentication to web services. calls for identity mediation, and return authorized information about a user.

Configurable using the PingFederate Settings page within PingAccess. For more information, see the PingAccess user interface reference guide.