Define a PingCentral-specific OAuth client. These steps explain how to configure PingFederate as the OpenID provider. See Configuring OAuth clients in the PingFederate Server guide for additional information.

  1. In PingFederate, go to Applications > OAuth > Clients.
  2. In the Client ID field, enter a unique identifier the client provides to the resource server (RS) to identify itself. This identifier is included with every request the client makes.
  3. In the Name field, enter a descriptive name for the client instance. This name appears when the user is prompted for authorization.
  4. In the Client Authentication field, select Client Secret, and manually enter a secret or click Generate Secret to have one created for you. You will also use this secret when you configure SSO for PingCentral. See Configuring SSO for PingCentral for details.
  5. In the Redirection URIs field, enter this URI: https://<pc-host>:<pc-port>/login/oauth2/code/pingcentral.
  6. Locate the Allowed Grant Types field and select Authorization Code.
  7. Optional: If you want API access with bearer tokens, locate the Allowed Grant Types field and select the Resource Owner Password Credentials option.
    Note: PingCentral doesn't support ID token encryption.
  8. In the OpenID Connect field, locate ID Token Signing Algorithm, and then select RSA using SHA-256 from the list.
  9. Click Save.
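
After saving the client, the values entered in steps 5 and 8 can be sanity-checked before configuring SSO in PingCentral. The following Python sketch is an added example, not part of the PingFederate or PingCentral documentation. It checks a redirection URI against the template in step 5 and checks that an ID token is a signed, unencrypted JWT whose header names RS256, the JWS identifier for RSA using SHA-256. The host `pc.example.com`, the port `9022`, the function names and the sample tokens are constructed for illustration, and the explicit-port requirement is an assumption taken from the URI template.

```python
import base64
import json
from urllib.parse import urlsplit

EXPECTED_PATH = "/login/oauth2/code/pingcentral"  # path from step 5


def check_redirect_uri(uri):
    """Return a list of problems with the redirection URI entered in step 5."""
    parts, problems = urlsplit(uri), []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    try:
        if parts.port is None:  # assumption: the template always carries a port
            problems.append("port is missing")
    except ValueError:  # e.g. the <pc-port> placeholder was left in
        problems.append("port is not numeric")
    if parts.path != EXPECTED_PATH:
        problems.append("path must be exactly " + EXPECTED_PATH)
    if parts.query or parts.fragment:
        problems.append("query or fragment present")
    return problems


def check_id_token(token):
    """Check outer format and alg only; the signature is NOT verified here."""
    segments = token.split(".")
    if len(segments) == 5:  # JWE compact serialization (RFC 7516)
        return ["token is encrypted (JWE); ID token encryption is not supported"]
    if len(segments) != 3:  # JWS compact serialization (RFC 7515)
        return ["not a compact JWS"]
    try:
        padded = segments[0] + "=" * (-len(segments[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return ["header is not base64url-encoded JSON"]
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return ["alg is not RS256 (RSA using SHA-256)"]
    return []


def sample_token(header, segments=3):
    """Build a constructed token with dummy payload/signature segments."""
    head = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return ".".join([head.decode()] + ["AAAA"] * (segments - 1))


if __name__ == "__main__":
    print(check_redirect_uri("https://pc.example.com:9022" + EXPECTED_PATH))
    print(check_id_token(sample_token({"alg": "RS256"})))
    print(check_id_token(sample_token({"alg": "HS256"})))
```

An empty list means the value matches what the steps above configure; any other result names the setting to revisit in the client definition.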