PingFederate provides two built-in, SOAP-accessible web services related to browser-based single sign-on (SSO).
These services can be used by client applications to manage partner connections and support integration of web applications, respectively.
- Connection Management Service
As of PingFederate 10.2, the Connection Management Service has been deprecated and will be removed in a future release.
- The Connection Management Service enables creation and deletion of single connection
configurations in PingFederate. This service can be used to migrate connections from
one server environment to another, for example, from testing or staging to
production, or to create new connections in a single server programmatically. Tip:
PingFederate provides a command-line utility that can be used to export and modify connections, as well as other administrative-console configurations, and then import them to target environments. For more information, see Automating configuration migration.
- SSO Directory Service
As of PingFederate 10.2, the SSO Directory Service has been deprecated and will be removed in a future release.
- The SSO Directory Service provides web application developers with information
regarding partner connections and adapter instances. Tip:
Applications accessing the Connection Management Service must first authenticate themselves to the PingFederate server. SSO Directory Service authentication is optional by default, but might be required. For more information, see Configuring service authentication.
Additionally, PingFederate provides REST-based web services and APIs for a variety of administrative and runtime tasks.
- OAuth Client Management Service
- A runtime API to manage OAuth client applications.
- OAuth Access Grant Management Service
- A runtime API to retrieve and revoke persistent grants. This API is intended for administrators to manage grants per client or per user.
- OAuth Persistence Grant Management API
- Another runtime API to retrieve and revoke persistent grants. This API is intended for the use case where clients can assume the responsibility of grant management, provided that the users authorize the clients to do so.
- Session Revocation API
- A runtime API allowing clients supporting the OpenID Connect protocol to query revocation status of their sessions and add user sessions to the revocation list.
- Administrative API
- An administrative API to manage various PingFederate settings.