These fields include, but are not limited to:

  • Passwords used by HTTP Basic authentication for:
    • Inbound SOAP messages from partners via back-channel calls
    • WS-Trust STS
  • Shared secrets used by the credentials defined for:
    • Attribute Query
    • JMX
    • Connection Management
    • SSO Directory Service
  • Passwords used by instances of the Simple Username Password Credential Validator
  • Passwords used for encrypting certificates exported with their private keys
  • Pass phrases used by IdP Discovery
  • Passwords used by administrative console credentials when native authentication is used

Passwords external to PingFederate—passwords used by instances of the Data Stores, for example—are not subject to this password policy.

  1. Edit the password-rules.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
  2. Save the changes.
  3. Restart PingFederate.
    For a clustered PingFederate environment, perform these steps on the console node. No changes or restart of PingFederate is required on the engine nodes.