Configuring service authentication - PingFederate - 10.2

PingFederate Server

bundle
pingfederate-102
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.2
category
Product
pf-102
pingfederate
ContentType_ce

Administrators with the Admin role can activate and configure authentication for Attribute Query, Java Management Extensions (JMX), and SSO Directory Service.

If you are using the SAML 2.0 Attribute Query profile as a service provider (SP), then the requesting applications at your site must authenticate to the PingFederate server. For more information, see Attribute Query and XASP and the /sp/startAttributeQuery.ping SP application endpoint.

Authentication is required to access PingFederate runtime data via JMX (see Runtime monitoring using JMX) or to make SOAP calls to the Connection Management Service. Authentication is optional for the SSO Directory Service. For more information, see Web service interfaces and APIs and SSO Directory Service.

Note:

To help ensure network security, access to all of these services is deactivated when PingFederate is first installed.

To activate and configure authentication for the Connection Management Service, grant the administrators all three administrative roles: Admin, Crypto, and User Admin. For more information, see Connection Management Service.

  • To enable a service:
    1. On Security > System Integration > Service Authentication, select Action > Activate for your desired service.
    2. Enter or modify) the service account ID and define or reset the Shared Secret.
      You and the application developer must agree to these values.
      Tip:

      Authentication is optional for the SSO Directory Service.

  • To disable a service, on Security > Service Authentication, select Deactivate under Action for your desired service.
    Note:

    Although not accessible when deactivated, the Connection Management Service and the SSO Directory Service are deployed by default with PingFederate. If your organization does not plan to use one or both of these services, you can remove the following WAR file or files:

    • <pf_install>/pingfederate/server/deploy2/pf-mgmt-ws.war for the Connection Management Service
    • <pf_install>/pingfederate/server/deploy/pf-ws.war for the SSO Directory Service