Use the Manage Domain/Realm screen to configure Active Directory domains or Kerberos realms that PingFederate can use to contact the domain controllers or the Key Distribution Centers (KDCs) for verifying user authentication.
Enter the required information based on the following table:
Field: Domain/Realm Name
Description: The fully-qualified domain or realm name.

Field: Domain/Realm Username
Description: The ID for the domain or realm account name.

Field: Domain/Realm Password
Description: The password for the domain or realm account.

Field: Domain Controller/Key Distribution Center Host Names
Description: Specify the host name or IP address of your domain controller or KDC (for example, dc01-yvr), and then click Add. Repeat this step to add multiple servers.
If a host name is used, PingFederate appends the domain to the host name to formulate the fully qualified domain name (FQDN) of the server unless the Suppress DC / Domain Concatenation check box is selected.
If unspecified, PingFederate uses a DNS lookup.

Field: Suppress DC / Domain Concatenation
Description: Select this check box to specify the desired FQDNs under Domain Controller/Key Distribution Center Host Names. When selected, PingFederate does not append the domain to the host names anymore.
This check box is not selected by default.

Field: Test Domain/Realm Connectivity
Description: Tests access to the domain controller or KDC from the administrative-console server.
When a connection to any of the configured controllers/KDCs is successful, the message Test Successful appears. Otherwise, the test returns error messages near the top of the screen.
Tip: For help resolving connectivity issues, select the Debug Log Output check box on the Manage Domain/Realm Settings screen, run the test again, and review the debug messages in the PingFederate server log.
This test stops at the first successful result when multiple domain controllers or KDCs are specified; therefore, not all servers are necessarily verified. Depending on the network architecture, the engine nodes deployed in a cluster may also establish connections differently. As a result, the engine nodes and the console node may connect to different domain controllers or KDCs.
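
Because the built-in test stops at the first server that answers, the following added example (not PingFederate code) checks every configured entry instead. It models the concatenation rule described above as host name + "." + domain and assumes each KDC accepts TCP connections on the standard Kerberos port 88; the function names and the example.com domain are constructed for illustration.

```python
import ipaddress
import socket

KDC_PORT = 88  # standard Kerberos port; assumption: the KDCs accept TCP here


def effective_host(host, domain, suppress_concat=False):
    """Model the rule on this page: the domain is appended to a host name
    unless suppression is selected; IP addresses are used as entered."""
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass  # not an IP address, so treat it as a host name
    if suppress_concat:
        return host
    return f"{host}.{domain}"  # assumed join format: <host>.<domain>


def check_all(hosts, domain, suppress_concat=False, port=KDC_PORT, timeout=3.0):
    """Try every configured server rather than stopping at the first success.
    Returns {effective_name: "ok" or the error text}."""
    results = {}
    for host in hosts:
        target = effective_host(host, domain, suppress_concat)
        try:
            with socket.create_connection((target, port), timeout=timeout):
                results[target] = "ok"
        except OSError as exc:  # DNS failure, refused connection, timeout
            results[target] = f"{type(exc).__name__}: {exc}"
    return results


if __name__ == "__main__":
    # Constructed sample values; replace with the entries from your own screen.
    report = check_all(["dc01-yvr", "dc02-yvr"], "example.com")
    for name, status in report.items():
        print(f"{name:40} {status}")
```

Run it on the console node and on each engine node, since the nodes may reach different domain controllers or KDCs.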