Page created: 16 Jul 2021 | Page updated: 19 Jan 2022
When using the Bouncy Castle FIPS provider, some restrictions apply to PingFederate.
- As an OpenID Provider, PingFederate can use static or dynamically rotating keys to sign ID tokens, JSON web tokens (JWTs) for client authentication, and OpenID Connect request objects. When dynamically rotating keys are used as part of the default configuration, the short-term keys are held in memory, not in the BCFIPS key stores. Static keys can be stored in the HSM.
- PingFederate limits cipher suites to those listed in the <pf_install>/pingfederate/server/default/data/config-store/com.pingidentity.crypto.com.pingidentity.crypto.BCFIPSJCEManager file.