Configuring a web session - PingAccess - 7.3

A web session specifies the details of how user information is stored.

For more information about this procedure, including optional steps that are not included here, see Creating web sessions.

  1. Click Access and then go to Web Sessions > Web Sessions.
    1. In PingAccess, go to Access > Web Sessions, click the Expand icon to view more details about the web session associated with your API application, then click the Pencil icon.
  2. Click + Add Web Session.
  3. In the Name field, enter a unique name for the web session, up to 64 characters, including special characters and spaces.
  4. From the Cookie Type list, select Encrypted JWT.
  5. In the Audience field, enter the audience that the PA token is applicable to, represented as a short, unique identifier between one and 32 characters.
    Note:

    PingAccess rejects requests that contain a PA token with an audience that differs from what is configured in the web session associated with the target application.

  6. From the OpenID Connect Login Type list, select Code.
    Note:

    The Code login type is recommended for maximum security and standards interoperability, but other options are available. For information on the available profiles, see OpenID Connect login types.

  7. In the Client ID field, enter the unique identifier (client ID) that was assigned when you created the OAuth relying party (RP) client within the token provider (for more information, see Configuring a Client in the PingFederate documentation).
  8. Select a Client Credentials Type. This is required when configuring the Code login type.
    • Secret
    • Mutual TLS
    • Private Key JWT
    Info: The OAuth client you use with PingAccess web sessions must have an OpenID Connect (OIDC) policy specified (for more information, see Configuring OpenID Connect Policies).
  9. Provide the information required for the selected credential type.
    • Secret – Enter the Client Secret assigned when you created the OAuth relying party client in the token provider.
    • Mutual TLS – Select a configured Key Pair to use for Mutual TLS client authentication.
    • Private Key JWT – No additional information is required.
  10. In the Idle Timeout field, specify the amount of time, in minutes, that the PA token remains active when no user activity is detected (the default is 60 minutes).
    Info: If there is an existing valid PingFederate session for the user, an idle timeout of the PingAccess session might result in its re-establishment without forcing the user to sign on again.
  11. In the Max Timeout field, specify the amount of time, in minutes, that the PA token remains active before expiring (the default is 240 minutes).
  12. Click Save.
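
The constraints stated in the steps above (name and audience lengths, the Encrypted JWT and Code selections, what each credential type requires, and the timeout defaults) can be checked against planned definitions before they are entered. This is an added example, not PingAccess code: the dictionary keys are hypothetical labels for the form fields rather than the Admin API schema, and the idle-versus-max comparison and the audience-reuse flag are checks added here.

```python
from collections import Counter
# Key names are hypothetical labels for the form fields in the procedure,
# not the PingAccess Admin API schema.
CREDENTIAL_TYPES = {"Secret", "Mutual TLS", "Private Key JWT"}

def lint_web_session(ws):
    """Return findings for one planned web-session definition."""
    out = []
    if not 1 <= len(ws.get("name", "")) <= 64:
        out.append("name: 1-64 characters required")
    if not 1 <= len(ws.get("audience", "")) <= 32:
        out.append("audience: 1-32 characters required")
    if ws.get("cookie_type") != "Encrypted JWT":
        out.append("cookie_type: procedure selects Encrypted JWT")
    if ws.get("login_type") != "Code":
        out.append("login_type: procedure selects Code")
    if not ws.get("client_id"):
        out.append("client_id: missing")
    cred = ws.get("credentials_type")
    if cred not in CREDENTIAL_TYPES:
        out.append("credentials_type: required for the Code login type")
    elif cred == "Secret" and not ws.get("client_secret"):
        out.append("client_secret: required for Secret")
    elif cred == "Mutual TLS" and not ws.get("key_pair"):
        out.append("key_pair: required for Mutual TLS")
    # Page defaults: 60 / 240 minutes. The comparison is an added sanity check.
    if ws.get("idle_timeout_min", 60) > ws.get("max_timeout_min", 240):
        out.append("idle_timeout_min: exceeds max_timeout_min")
    return out

def lint_all(sessions):
    """Per-session findings, plus name or audience reuse across sessions."""
    report = [lint_web_session(ws) for ws in sessions]
    for field in ("name", "audience"):
        counts = Counter(ws.get(field) for ws in sessions)
        for ws, findings in zip(sessions, report):
            if counts[ws.get(field)] > 1:
                findings.append(f"{field}: reused across web sessions")
    return report

# Constructed sample definitions, not taken from a real deployment.
SAMPLE = [
    {"name": "hr-portal", "audience": "hr", "cookie_type": "Encrypted JWT",
     "login_type": "Code", "client_id": "pa_hr",
     "credentials_type": "Secret", "client_secret": "<placeholder>"},
    {"name": "payroll", "audience": "hr", "cookie_type": "Signed JWT",
     "login_type": "Code", "client_id": "pa_payroll",
     "credentials_type": "Mutual TLS", "idle_timeout_min": 300},
]
```

`lint_all(SAMPLE)` returns one list of findings per definition, in input order. Because PingAccess rejects only PA tokens whose audience differs from the configured one, two web sessions that share an audience value are not separated by that check, which is why reuse is flagged.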