Page created: 20 Sep 2021
|
Page updated: 11 Jul 2023
You can integrate PingFederate out-of-the-box with the CyberArk Credential Provider, an external secret management system (secret manager).
Install the Credential Provider and note the path to the CyberArk SDK file, JavaPasswordSDK.jar. The CyberArk website provides more information about the CyberArk Credential Provider and how to install it.
The Credential Provider supports the following authentication methods: allowed machines, OS user, path, and hash.
To integrate PingFederate with the CyberArk Credential Provider:
-
Set the path for the CyberArk SDK .jar file,
JavaPasswordSDK.jar, in PingFederate, ensuring that the path you set reflects
the location of the file you installed.
- If PingFederate is running on a Linux system, add the
classpath
to the run.sh script.... cyberarksdkjar="/opt/CARKaim/sdk/javapasswordsdk.jar" # Set variable here BEFORE the lines below in run.sh. # If cyberarksdkjar is set, check that the file exists and add it to the classpath. if [ "x$cyberarksdkjar" != "x" ]; then if [ ! -f "$cyberarksdkjar" ]; then die "Missing $cyberarksdkjar" else PF_BOOT_CLASSPATH="$PF_BOOT_CLASSPATH:$cyberarksdkjar" fi fi ...
- If PingFederate is running on a Microsoft system, add
the
classpath
to the run.bat script.... set "CYBERARKJAR=%ProgramFiles(x86)%\CyberArk\ApplicationPasswordSdk\JavaPasswordSDK.jar" REM Set variable here BEFORE the lines below in run.bat. REM If CYBERARKJAR is set, check that the file exists and add it to the classpath. if NOT ["!CYBERARKJAR!"] == [""] ( if not exist "%CYBERARKJAR%" ( echo Missing "%CYBERARKJAR%" EXIT /B 1 ) else ( set PF_CLASSPATH=%PF_CLASSPATH%;!CYBERARKJAR! ) ) ...
- If PingFederate is running as a Microsoft Windows
service, add the
classpath
to the PingFederateService.conf configuration file.... wrapper.java.classpath.9=%ProgramFiles(x86)%/CyberArk/ApplicationPasswordSdk/JavaPasswordSDK.jar ...
- If PingFederate is running on a Linux system, add the
- Restart the PingFederate server.
After integrating PingFederate with the CyberArk Credential Provider, you can:
- Configure instances of the secret manager in PingFederate.
- Configure authentication methods between the CyberArk Credential Provider and its CyberArk Vault. For more information, see CyberArk's authentication methods.