When the administrative API is protected by native authentication, access to the
administrative API is restricted to the users defined in the Account
Management window.
The API calls must be authenticated by valid credentials
over HTTP Basic authentication; otherwise, the administrative API returns an error message.
The roles assigned to the users affect the results of the API calls.
-
Verify the pf.admin.api.authentication value in
<pf_install>/pingfederate/bin/run.properties is set to native. Update as
needed and restart PingFederate to activate this change.
Note:
In a clustered PingFederate environment, you only need to modify
run.properties on the console node.
-
Sign on to the administrative console with an account that has the User Admin
role.
Important:
When the administrative console is protected by an alternative console
authentication, such as certificate-based, LDAP, or RADIUS authentication, most
user-management functions are handled outside the scope of the PingFederate
administrative console. Therefore, the administrative console disables the
functionality of the window unless the logged-on administrator has been granted User
Admin permissions.
To create or manage users in this scenario, add at least one external account
to the role setting userAdmin in the configuration file for the respective
authentication method. When the administrator logs on to the
administrative console, the Administrative Accounts window
becomes available to create or manage users for the purposes of accessing the
administrative API.
For more information about the alternative console authentication and the
respective configuration, see Alternative console authentication.
-
On the Administrative Accounts window, create or manage users
as needed, and assign various PingFederate administrative roles as indicated by the
PingFederate User Access Control table. For more information, see Configure access to the administrative API.
Note:
When assigning roles, remember that all users defined in the
Administrative Accounts window can access the
administrative API and the administrative console.
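
The check in the first step can be scripted for use in a deployment or audit job. The following is an added example, not part of PingFederate or its documentation; the function names are hypothetical, and it assumes run.properties uses standard Java properties syntax with "=" or ":" separators.

```shell
#!/bin/sh
# Added example, not PingFederate code. Usage: sh check_admin_api_auth.sh <file>

# Print the effective value of property $2 in Java properties file $1.
# Skips "#" and "!" comment lines, accepts "=" or ":" as separator, and keeps
# the last assignment when a key is repeated. Trailing whitespace in the value
# is kept, as java.util.Properties keeps it; only a CR line ending is dropped.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/\r$/, "", line)
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next    # a longer key name, not ours
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            val = rest
            found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Exit status: 0 = native, 1 = other value, 2 = not set, 3 = unreadable file.
check_native_admin_api() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }
    value=$(prop_value "$1" pf.admin.api.authentication) || {
        echo "pf.admin.api.authentication is not set in $1" >&2
        return 2
    }
    if [ "$value" = "native" ]; then
        echo "OK: pf.admin.api.authentication=native"
    else
        echo "MISMATCH: pf.admin.api.authentication='$value', expected native" >&2
        return 1
    fi
}

# Check the file named on the command line, if one was given.
[ "$#" -eq 0 ] || check_native_admin_api "$1"
```

In a clustered environment, run it against run.properties on the console node, since that is the only node where the setting needs to be modified.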