Configure your PingFederate administration settings in PingAccess.
For information on the PingFederate Administration API, see PingFederate Administrative API.
When you save the PingFederate administration configuration, PingAccess will test the connection to PingFederate. If the connection cannot be made, an error will display in the administration console interface, and the configuration will not be saved.
- Click Settings and then go to .
- Enter the Host name or IP address for access to the PingFederate administrative API.
- Enter the Port number for access to the PingFederate runtime.
If necessary, enter the Base Path for the PingFederate
The Base Path must start with a slash (/).
administrative API requires native authentication, click
Basic then provide the basic authentication
Enter the Admin Username.
This username only requires Auditor (read-only) permission in PingFederate.
- Enter the Admin Password.
administrative API requires OAuth2 authentication, click
OAuth, then provide the OAuth authentication
- In the Configured Authorization Server list:
- PingFederate Runtime
- Admin Token Provider (will only display if configured)
The API endpoint /pingfederate/admin allows additional options to be selected for the configured authorization server.
You can configure the following authorization servers in the PingAccess UI:
- PingFederate Runtime. For more information, see PingFederate runtime.
- Admin token provider. For more information, see Configuring an admin token provider.
- Common. For more information, see Configuring OAuth authorization servers.
- PingOne. For more information, see PingOne.
In the Client ID field, enter a client ID for the OAuth client configured in the Token Provider.
Choose a client that is configured with the Client Credentials grant type.
- In the Client Credentials Type field, select the credentials for the OAuth client configured in the Token Provider.
In the Scopes field, enter the required scopes
of validated access tokens authorized to call the PingFederate
Scopes can be input as an array of case-sensitive strings. For a full list of the required scopes, please refer to PingFederate's required.scopes section of the oauth2.properties file.
To log information about the transaction to the audit store, select
PingAccess audit logs record a selected subset of transaction log information at runtime and are located in the /logs directory of your PingAccess installation.
- Enable Secure if PingFederate is expecting HTTPS connections.
From the Trusted Certificate Group list, select the group of certificates to use when authenticating to PingFederate.
PingAccess requires that the certificate in use by PingFederate anchor to a certificate in the associated Trusted Certificate Group. This field is available only if you enable Secure.
To configure advanced settings, click Show
- Select Skip Hostname Verification to disable hostname verification of the certificate.
- Enter an Expected Certificate Hostname to verify the certificate with the specified name instead of the Host name.
To use a configured proxy for API requests, select the Use Proxy check box.
If the node is not configured with a proxy, requests are made directly to PingFederate.
To view OpenID Connect (OIDC) metadata provided by the token provider, click View Metadata after saving the token provider configuration.
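The Secure, Trusted Certificate Group, Skip Hostname Verification and Expected Certificate Hostname settings described above decide which certificate checks apply to the PingFederate connection. The following Python example is added here and is not PingAccess code: it models those three hostname choices with the standard `ssl` module so the same checks can be tried against the endpoint before saving. The function names, the CA file standing in for the Trusted Certificate Group, and the sample host values are assumptions.

```python
import socket
import ssl


def build_tls_policy(host, ca_file=None, skip_hostname_verification=False,
                     expected_cert_hostname=None):
    """Return (SSLContext, name_to_verify) for the chosen Secure settings.

    ca_file is a PEM bundle standing in for the Trusted Certificate Group
    (assumption); with no file, the platform default trust store is used.
    """
    # PROTOCOL_TLS_CLIENT starts with chain validation and hostname checks on.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()

    if skip_hostname_verification:
        # The chain must still anchor to a trusted certificate, but any
        # certificate issued under those anchors is accepted for this host.
        ctx.check_hostname = False
        return ctx, None

    # Expected Certificate Hostname replaces the Host name in the name check.
    return ctx, (expected_cert_hostname or host)


def probe(host, port, ctx, verify_name, timeout=5.0):
    """Attempt a TLS handshake with the policy; return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # Python also sends verify_name as SNI; that is a property of
            # this example, not a statement about PingAccess behaviour.
            with ctx.wrap_socket(raw, server_hostname=verify_name) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Constructed sample values; replace with your own host, port and CA file.
    policy, name = build_tls_policy("pf-admin.example.com")
    print(probe("pf-admin.example.com", 443, policy, name))
```

A "certificate rejected" result with the default policy that turns into success only when hostname verification is skipped points to a name mismatch, which Expected Certificate Hostname addresses without dropping the name check.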