PingFederate applies a configurable policy to passwords, pass phrases, and shared secrets defined by administrators in the administrative console.
These fields include, but are not limited to:
- Passwords used by HTTP Basic authentication for:
- Inbound SOAP messages from partners via back-channel calls
- WS-Trust STS
- Shared secrets used by the credentials defined for:
- Attribute Query
- Connection Management
- SSO Directory Service
- Passwords used by instances of the Simple Username Password Credential Validator
- Passwords used for encrypting certificates exported with their private keys
- Pass phrases used by IdP Discovery
- Passwords used by administrative console credentials when native authentication is used
Passwords external to PingFederate—passwords used by instances of the Data Stores, for example—are not subject to this password policy.
- Edit the password-rules.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
- Save the changes.
For a clustered PingFederate environment, perform these steps on the console node. No changes or restart of PingFederate is required on the engine nodes.