Operating systems and virtualization

Note:

PingFederate is tested with default configurations of operating-system components. If your organization customizes implementations or installs third-party plug-ins, deployment efforts might affect the PingFederate server.

Operating systems
  • Amazon Linux 2
  • Canonical Ubuntu 16.04 LTS
  • Canonical Ubuntu 18.04 LTS
  • Canonical Ubuntu 20.04 LTS
  • Microsoft Windows Server 2012 R2, 2016, and 2019
  • Oracle Enterprise Linux 7.9 (Red Hat compatible kernel)
  • Oracle Enterprise Linux 8.2 (Red Hat Compatible Kernel)
  • Red Hat Enterprise Linux ES 7.9
  • Red Hat Enterprise Linux ES 8.2
  • SUSE Linux Enterprise 12 SP5
  • SUSE Linux Enterprise 15 SP2
Note:

If you have a Windows Server 2012 R2 environment, you should upgrade to a later version. For more information, including the end of support for Windows Server 2012 R2 in July 2023, see Upgrade considerations.

Docker support
  • Docker version: 18.09.0 and later

    View the PingFederate Docker image on DockerHub. Visit Ping Identity’s DevOps documentationfor more information. Note that only the PingFederate software is licensed under Ping Identity’s end user license agreement, and any other software components contained within the image are licensed solely under the terms of the applicable open source/third party license.

    Note:

    Ping Identity accepts no responsibility for the performance of any specific virtualization software and in no way guarantees the performance or interoperability of any virtualization software with its products.

Virtualization
Although Ping Identity does not qualify or recommend any specific virtual-machine (VM) or container products other than those listed above, PingFederate has run well on several, including Hyper-V, VMWare, and Xen.
Note:

The list of products is provided for example purposes only. We view all products in this category equally. Ping Identity accepts no responsibility for the performance of any specific virtualization software and in no way guarantees the performance, interoperability, or both of any VM or container software with its products.

Java environment

  • Amazon Corretto 11
  • Amazon Corretto 8
  • OpenJDK 11
  • Oracle Java SE Development Kit 11 LTS
  • Oracle Java SE Runtime Environment (Server JRE) 8
Note:

Ping Identity Java Support Policy applies. For more information, see Java Support Policy in the Ping Identity Knowledge Base.

Important:

PingFederate does not support any JDK 11 version prior to 11.0.4 due to an error covered in the Oracle Java Bug Database.

Browsers

Runtime server
  • Apple Safari
  • Google Chrome
  • Microsoft Edge
  • Microsoft Internet Explorer 11
  • Mozilla Firefox
  • Apple iOS 14 (Safari)
  • Google Android 10 (Chrome)
Administrative server
  • Google Chrome
  • Microsoft Edge
  • Microsoft Internet Explorer 11
  • Mozilla Firefox
Note:

For a modern browser experience, you should migrate off Microsoft Internet Explorer 11. For more information, including the end of support of Internet Explorer 11 in December, 2021, see Upgrade considerations.

TLS protocol

Runtime server and administrative server
  • TLS 1.2 and 1.3
Note:

TLS 1.3 requires Java 11.

Datastore integration

User-attribute lookup
  • PingDirectory 7.0, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3
  • Amazon Aurora (MySQL 5.6.10a)
  • Amazon Aurora (PostgreSQL 10.11)
  • Microsoft Active Directory 2012 R2 and 2016
  • Microsoft SQL Server 2016 SP2 and 2017
  • Oracle Unified Directory 12c
  • Oracle Database 12c Release 1 (12.1.0.2.0)
  • Oracle Database 19c
  • Oracle MySQL 8.0
  • PostgreSQL 9.6.19 and 11.9
SaaS or SCIM outbound provisioning
Provisioning channel data source
  • PingDirectory 7.0, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3
  • Microsoft Active Directory 2012 R2 and 2016
  • Oracle Unified Directory 12c
Provisioning internal datastore
  • Amazon Aurora (MySQL 5.6.10a)
  • Amazon Aurora (PostgreSQL 10.11)
  • Microsoft SQL Server 2016 and 2017
  • Oracle Database 12c Release 1
  • Oracle Database 19c
  • Oracle MySQL 8.0
  • PostgreSQL 9.6.19 and 11.9
SCIM inbound provisioning
  • Microsoft Active Directory 2012 R2 and 2016
  • Custom implementation through the PingFederate SDK
Just-in-time (JIT) inbound provisioning
  • PingDirectory 7.0, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3
  • Microsoft Active Directory 2012 R2 and 2016
  • Oracle Unified Directory 12c
  • Microsoft SQL Server 2016 SP2 and 2017
Account linking
  • PingDirectory 7.0, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3
  • Microsoft Active Directory 2012 R2 and 2016
  • Oracle Unified Directory 12c
  • Amazon Aurora (MySQL 5.6.10a)
  • Amazon Aurora (PostgreSQL 10.11)
  • Microsoft SQL Server 2016 SP2 and 2017
  • Oracle Database 12c Release 1
  • Oracle Database 19c
  • Oracle MySQL 8.0
  • PostgreSQL 9.6.19 and 11.9
OAuth client configuration and persistent grants
  • PingDirectory 7.0, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3
  • Microsoft Active Directory 2012 R2 and 2016
  • Oracle Unified Directory 12c
  • Amazon Aurora (MySQL 5.6.10a)
  • Amazon Aurora (PostgreSQL 10.11)
  • Microsoft SQL Server 2016 SP2 and 2017
  • Oracle Database 12c Release 1
  • Oracle Database 19c
  • Oracle MySQL 8.0
  • PostgreSQL 9.6.19 and 11.9
  • Custom implementation through the PingFederate SDK
Registration and profile management of local identities
  • PingDirectory 7.0, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3
Persistent authentication sessions
  • PingDirectory 7.2, 7.3, 8.0, 8.1, 8.2, 8.3
  • Amazon Aurora (MySQL 5.6.10a)
  • Amazon Aurora (PostgreSQL 10.11)
  • Microsoft SQL Server 2016 SP2 and 2017
  • Oracle Database 12c Release 1 and 19c
  • Oracle MySQL 8.0
  • PostgreSQL 9.6.19 and 11.9
  • Custom implementation through the PingFederate SDK.
Note:

If you have Microsoft Active Directory environments on the 2012 R2 functional level, you should upgrade to a later version. For more information, including the end of support for the 2012 R2 functional level in July 2023, see Upgrade considerations.

Note:

PingFederate was tested with vendor-specific JDBC drivers. For more information, see Database driver information.

Hardware security modules (optional)

Note:

When integrating with a hardware security module (HSM), you must deploy with Oracle Server JRE (Java SE Runtime Environment) 8 or Amazon Corretto 8.

AWS CloudHSM
  • Client software version: 3.3.1

    PingFederate must be deployed on one of the Linux operating systems supported by both AWS CloudHSM and PingFederate .

Entrust nShield Connect HSMs (in FIPS 140-2 Level 3 mode)
  • Host and Firmware version: 12.40.0
  • Client driver version: 12.40.2
  • Hardware Models: 6000+ and XC High
Thales Luna Network HSMs
  • Universal Client 10.2

    For more information about the Universal Client, including compatible HSMs, HSM firmware, appliance software, and client software, see the documentation from Thales.

Hardware requirements

Minimum hardware recommendations
  • Multi-core Intel Xeon processor or higher

    4 CPU/Cores recommended

  • 4 GB of RAM

    1.5 GB available to PingFederate

  • 1 GB of available hard drive space
Note:

Although it is possible to run PingFederate on less powerful hardware, the guidelines provided accommodate disk space for default logging, auditing profiles, and CPU resources for a moderate level of concurrent request processing.