The following task configures PingFederate Server as the identity provider for PingDirectory Server.
- Sign on to the PingFederate administrative console.
- Import the PingDirectory Server LDAPS certificate:
  - Go to Security > Certificate & Key Management > Trusted CAs.
  - Click Import, click Choose File to browse to the certificate, click Next, and then click Save.
- Add an LDAP datastore:
  - Go to System > Data Stores.
  - Click Add New Data Store.
  - Specify a Name for the data store.
  - Set Type to Directory (LDAP).
  - Click Next.
  - In the Hostname(s) field, enter the PingDirectory Server host name and LDAPS port, separated by a colon (for example, 10.101.113.75:1636) and click Add.
  - Select the Use LDAPS check box.
  - Set LDAP Type to PingDirectory.
  - In the User DN field, enter one of the following values based on your PingDirectory configuration:
    - cn=dmanager
    - cn=Directory Manager

    Note: These values are based on the assumption that Delegated Admin will run as the directory manager.
  - In the Password field, specify the root password.
  - Click Advanced and then Advanced LDAP Options.
  - Select the Create New Connections If Necessary check box.
  - Clear the Verify LDAPS Hostname check box.
  - Click Done.
  - Click Test Connection.
  - Click Next.
  - Click Save.
- Create the HTML Form IdP Adapter. The adapter authenticates users against PingDirectory Server.
  - Go to Authentication > IdP Adapters > Create New Instance.
  - In the Instance Name field, enter a name such as PingDirectoryIdP.
  - Specify an Instance ID.
  - Set Type to HTML Form IdP Adapter.
  - Click Next.
  - Go to the bottom of the page and click Manage Password Credential Validators.
  - Create a validator to authenticate users against the PingDirectory Server:
    - Click Create New Instance.
    - Specify an Instance Name.
    - Specify an Instance ID.
    - Set Type to LDAP User Name Password Credential Validator.
    - Click Next.
    - Specify an LDAP Datastore.
    - Specify a Search Base.
    - Enter the following text in the Search Filter field so that users can sign on with either their email address or their user name:
      (|(uid=${username})(mail=${username}))
    - Click Next and extend the contract with entryUUID and cn.

      Note: These values are used later.
  - Click Next, Done, or Save until you reach the Create Adapter Instance screen.
  - Add a new row to Password Credential Validators, choose the new LDAP Password Credential Validator, and click Update.
  - Go to the Extended Contract tab and extend the adapter contract with entryUUID and cn.
  - Go to the Adapter Attributes tab, select entryUUID for a pseudonym, and then click Next, Next, Done, and Save.

  For more information, see Configuring the LDAP Username Password Credential Validator.
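The following is an added stand-alone illustration, not code from the PingFederate or PingDirectory documentation, of how the Search Filter template above is applied to a sign-on value: the value substituted for ${username} is escaped per RFC 4515 so that characters such as `*`, `(` and `)` are treated as literal text rather than filter syntax, and a Hostname(s) entry of the form host:port is split for the data store. The function names and the sample inputs are constructed for this example.

```python
# Added example (not from the PingFederate/PingDirectory docs): apply the
# LDAP Password Credential Validator search-filter template to a sign-on value
# with RFC 4515 escaping, and parse a Hostname(s) entry such as host:port.
from typing import Tuple

# The template entered in the Search Filter field; ${username} is the sign-on value.
SEARCH_FILTER_TEMPLATE = "(|(uid=${username})(mail=${username}))"

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(username: str, template: str = SEARCH_FILTER_TEMPLATE) -> str:
    """Substitute the escaped sign-on value for every ${username} in the template."""
    return template.replace("${username}", escape_filter_value(username))


def parse_ldaps_host(entry: str) -> Tuple[str, int]:
    """Split a Hostname(s) entry such as '10.101.113.75:1636' into (host, port)."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"expected host:port, got {entry!r}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {port_num}")
    return host, port_num


if __name__ == "__main__":
    # Constructed sample inputs: a plain user name, an email address, and a
    # value containing filter metacharacters, which are escaped rather than parsed.
    print(build_search_filter("alice"))
    print(build_search_filter("alice@example.com"))
    print(build_search_filter("a*)(uid=*"))
    print(parse_ldaps_host("10.101.113.75:1636"))
```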
- Enable session tracking:
  - Go to Authentication > Policies > Sessions.
  - Select the Track Adapter Sessions For Logout check box.
  - Select the Track Revoked Sessions On Logout check box.
  - Select the Enable Authentication Sessions For All Sources check box.
  - Click Save.