For the best possible experience, ensure your computer meets or exceeds the minimum system requirements and become familiar with the configurations supported for this release.
- PingFederate v10.0. See PingFederate 10.0 system requirements.
- PingFederate v9.2. See PingFederate v9.2 system requirements.
- PingFederate v9.3. See PingFederate v9.3 system requirements.
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Red Hat Enterprise Linux ES 7.6
- Red Hat Enterprise Linux ES 8.0
Java runtime environments:
- Oracle Java 11 LTS
- OpenJDK 11
PingCentral is an orchestrator for PingFederate. Configurations are sourced from PingFederate to define PingCentral applications and templates. Configure each environment in advance and ensure you have working authentication policies with persistent grants, access token mappings, and access token managers (ATMs) in place before using PingCentral to promote new applications.
Review additional information regarding supported features, protocols, and frameworks before you get started:
|Single sign-on and user management||
||Assigning groups of users entitlements based on an external attribute, such as LDAP group membership.|
|Backup and restoration||Saving the database and configuration files by copying the
directories h2-data/ and
config/ to a new instance.
Note: To ensure these files contain the most up-to-date information, do not copy them while PingCentral is running.
|Using an API to export PingCentral configuration information.|
|Client authentication||Using None or the client secret method. Client secrets can be provided by the user or generated.||Using a client TLS certificate, private key JWT, or symmetric keys.|
|Grant types||Using all OAuth and OIDC grant types.|
|Scopes||All scopes and exclusive scopes referenced in the PingFederate client JSON file, which is obtained during the template creation process.||Scopes cannot be customized when creating an application in PingCentral.|
|ATMs and OIDC policies||Saving ATMs or OIDC policies into templates created from
client applications that have them.
Note: If ATMs or OIDC policies do not exist in an environment, PingCentral will create them during the promotion process. If an ATM or OIDC policy of the same name already exists in a target environment, it will not be modified.
|Saving or promoting access token mapping, persistent grants, policy contracts, or authentication policies.|
|Selectors||Connection set selectors. Clients can only be automatically connected to authentication policies via policy contracts. If your authentication logic requires use of a selector, add it in PingFederate.|
|Bindings||Using POST bindings.||Using artifact, redirect, or SOAP bindings.|
|Attribute mapping||Mapping attributes, provided by a single authentication policy contract, in an unspecified format. You can also map attributes to static text.||
|Policy contracts||Referencing one policy contract per template.||
Referencing more than one policy per template.
Note: If multiple policy contracts are referenced in a template when it is promoted, newly-created applications will only map attributes from the first policy contract referenced. If PingFederate applications are directly added to PingCentral, the mappings from each policy contract are preserved.
|Adapter mappings||Authentication policies must be specified through a policy contract consistent with PingFederate best practices.|
||An SP certificate is required to promote a SAML connection, but might be optional in future releases.|