Configure your PingFederate administration settings in the PingAccess administrative console.
For information on the PingFederate administration
When you save the PingFederate administration configuration, PingAccess will test the connection to PingFederate. If PingAccess can't make a connection, an error will display in the administrative console and the configuration won't save.
- Click Settings and then go to .
- Enter the Host name or IP address for access to the PingFederate administrative API.
- Enter the Port number for access to the PingFederate runtime.
If necessary, enter the Base Path for the PingFederate
The Base Path must start with a slash (/).
If the PingFederate administrative API requires native authentication, click
- Enter the Admin Username.
  This username only requires auditor (read-only) permission in PingFederate.
- Enter the Admin Password.
If the PingFederate administrative API requires OAuth 2.0 authentication, click
In the Configured Authorization Server list, choose from:
- PingFederate Runtime
- Admin Token Provider (will only display if configured)
The API endpoint /pingfederate/admin allows you to select additional options for the configured authorization server.
You can configure the following authorization servers in the PingAccess administrative console:
In the Client ID field, enter a client ID for the OAuth client configured in the token provider.
Choose a client that is configured with the client credentials grant type.
- In the Client Credentials Type field, select the credentials for the OAuth client configured in the token provider.
In the Scopes field, enter the required scopes of validated access tokens that are authorized to call the PingFederate
Scopes can be input as an array of case-sensitive strings. For a full list of the required scopes, see PingFederate's required.scopes section of the oauth2.properties file.
To log information about the transaction to the audit store, select
PingAccess audit logs record a selected subset of transaction log information at runtime and are located in the /logs directory of your PingAccess installation.
In the Secure section of the Administration tab, click Yes if PingFederate is expecting HTTPS
Otherwise, click No.
From the Trusted Certificate Group list, select the group of certificates to use when authenticating to PingFederate.
PingAccess requires the certificate that PingFederate is using to anchor to a certificate in the associated trusted certificate group.
This field is available only if you enable Secure connections in step 8.
To configure advanced settings, click Show
- Select Skip Hostname Verification to not perform hostname verification of the certificate.
- Enter an Expected Certificate Hostname to verify the certificate with the specified name instead of the Host name.
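The Trusted Certificate Group, Skip Hostname Verification and Expected Certificate Hostname settings described above can be reproduced outside PingAccess to check a PingFederate endpoint's certificate before saving the configuration. The following Python is an added example, not PingAccess or PingFederate code; the function names, the option names and the PEM bundle standing in for the trusted certificate group are assumptions.

```python
import socket
import ssl


def tls_settings(host, ca_bundle=None, skip_hostname_verification=False,
                 expected_hostname=None):
    """Return (SSLContext, name_to_verify) modelling the Secure options.

    ca_bundle is a PEM file path standing in for the Trusted Certificate
    Group (assumption); None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    # The chain must anchor to the trust group whatever the name options say.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if skip_hostname_verification:
        # Chain validation still runs, but any certificate issued under the
        # trust group is accepted regardless of the name it carries.
        ctx.check_hostname = False
        return ctx, None
    # Expected Certificate Hostname replaces Host as the name to match.
    return ctx, expected_hostname or host


def probe(host, port, timeout=5.0, **options):
    """Handshake with host:port and report how the certificate was judged."""
    ctx, name = tls_settings(host, **options)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # With check_hostname on, server_hostname is the name verified;
            # with it off, the value is only sent as SNI.
            with ctx.wrap_socket(raw, server_hostname=name or host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return {"ok": True, "verified_name": name,
                        "subject_cn": subject.get("commonName")}
    except ssl.SSLCertVerificationError as exc:
        # Raised for an untrusted chain or a name mismatch.
        return {"ok": False, "verified_name": name, "error": exc.verify_message}
    except OSError as exc:
        return {"ok": False, "verified_name": name, "error": str(exc)}


if __name__ == "__main__":
    # Constructed sample values; replace with your PingFederate host and port.
    print(probe("pf.example.com", 9999, expected_hostname="pf.internal.example"))
```

A result with `verified_name` set to `None` means the handshake succeeded on chain trust alone, which is the exposure that Skip Hostname Verification introduces.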
To use a configured proxy for API requests, select the Use Proxy check box.
If the node isn't configured with a proxy, requests are made directly to PingFederate.
OpenID Connect (OIDC) metadata provided by the token provider, click View Metadata after saving the token provider configuration.
OpenID Connect (OIDC): An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.