This procedure configures the server as the identity provider for PingDirectory Server.

Note: Before starting, download the LDAPS certificate from PingDirectory Server. All other steps are performed on the PingFederate server. For more information, refer to PingDirectory Server Administration Guide.
  1. Click System > Protocol Settings > Roles and Protocols.
  2. Under Enable OAuth 2.0 Authorization Server (AS) role, select OpenID Connect.
  3. Upload the PingDirectory Server LDAPS certificate in Security > Trusted CAs.
  4. Add an LDAP datastore in System > Datastores. Specify:
    1. The PingDirectory Server host name and LDAPS port.
    2. Select Use LDAPS.
    3. Under Advanced, clear the Verify LDAPS hostname option.
    4. Click Next.
    5. Click Done.
    6. Click Save.
  5. Create the HTML form IdP Adapter and Password Credential Validator that is used to authenticate users against PingDirectory Server:
    1. Select Identity Provider > Adapters > Create New Instance.
    2. Select the HTML Form type.
    3. Click Next, scroll to the bottom of the page, and click Manage Password Credential Validators.
    4. Select Create New Instance.
    5. Click Next and select the LDAP User Name and Password Credential Validator.
    6. Click Next and enter the following search filter to use the email address or user name to log on to the system:
    7. Click Next and extend the contract with entryUUID and cn.
      These values are used later.
    8. Click Next, Done, and Save until the Create Adapter Instance screen.
    9. Add a new row to Password Credential Validators, choose the new LDAP Password Credential Validator, and click Update.
    10. Click Next and extend the contract with entryUUID and cn.
      These values are used later.
    11. Select entryUUID for a pseudonym, and then click Next, Next, Done, and Save.
  6. Enable session tracking in Identity Provider > Sessions, and select the Track adapter session for logout and Enable authentication sessions for all sources options.
  7. Click Save.