Configure PingFederate to provide PingAccess with access to the PingFederate-managed session.
- Sign on to the PingFederate administrative console.
- Go to System > OAuth Settings > Authorization Server Settings.
- Select Track User Sessions for Logout.
- Click Save.
- Select an OpenID Connect policy.
  - If you are using PingFederate 10.0 or earlier, go to System > OAuth Settings > OpenID Connect Policy Management and click an existing policy.
  - If you are using PingFederate 10.1 or later, go to Applications > OAuth > OpenID Connect Policy Management and click an existing policy.
- On the Manage Policy tab, select Include Session Identifier in ID Token.
  For more information about configuring an OpenID Connect (OIDC) Policy, see Configuring OpenID Connect Policies in the PingFederate Administrator's Manual.
- Click Save.
- Select the client to be used by PingAccess.
  - If you are using PingFederate 10.0 or earlier, go to System > OAuth Settings > Client Management and select the client to be used by PingAccess.
  - If you are using PingFederate 10.1 or later, go to Applications > OAuth > Clients and select the client to be used by PingAccess.
- In the OpenID Connect section of the client's configuration page, select PingAccess Logout Capable.
  Tip: If this option is not available, ensure that the Track User Sessions for Logout setting change made in step 3 was saved.
- Click Save.
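
To confirm that the Include Session Identifier in ID Token setting took effect, an ID token issued to the PingAccess client can be checked for the session identifier claim. The following is an added example, not part of the product documentation: it assumes the claim is named `pi.sri`, uses a constructed unsigned sample token, and only reads claims without verifying the signature.

```python
import base64
import json

# Assumption: PingFederate emits the session identifier under this claim name.
SESSION_CLAIM = "pi.sri"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWS strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Return the claims of a compact JWS ID token WITHOUT verifying it."""
    parts = id_token.strip().split(".")
    if len(parts) != 3:
        # Five segments would be an encrypted (JWE) ID token, unreadable here.
        raise ValueError("expected a compact JWS with three segments")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("ID token payload is not a JSON object")
    return claims


def check_session_identifier(id_token: str) -> list:
    """Return configuration findings; an empty list means the claim is usable."""
    value = id_token_claims(id_token).get(SESSION_CLAIM)
    if value is None:
        return [f"{SESSION_CLAIM} missing: Include Session Identifier in ID "
                "Token is not in effect for the policy that issued this token"]
    if not isinstance(value, str) or not value.strip():
        return [f"{SESSION_CLAIM} present but empty or not a string"]
    return []


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for demonstration only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"


if __name__ == "__main__":
    base = {"iss": "https://pf.example.com", "sub": "jdoe", "aud": "pa_client"}
    for label, claims in (("with claim", {**base, SESSION_CLAIM: "constructed-id"}),
                          ("without claim", base)):
        print(label, "->", check_session_identifier(make_sample_token(claims)) or "OK")
```

Run the check against a token captured in a test environment; a missing claim points back to the policy setting or to an unsaved change.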