PingFederate applies a configurable policy to passwords, pass phrases, and shared secrets defined by administrators in the administrative console.
These fields include, but are not limited to:
- Passwords used by HTTP Basic authentication for:
- Inbound SOAP messages from partners via back-channel calls
- WS-Trust STS
- Shared secrets used by the credentials defined for:
- Attribute Query
- Java Management Extensions (JMX)
- Connection Management
- Single sign-on (SSO) Directory Service
- Passwords used by instances of the Simple Username Password Credential Validator (PCV)
- Passwords used for encrypting certificates exported with their private keys
- Pass phrases used by identity provider (IdP) Discovery
- Passwords used by administrative console credentials when native authentication is used
Passwords external to PingFederate, such as passwords used by instances of the datastores, are not subject to this password policy.
- Edit the <pf_install>/pingfederate/server/default/data/config-store/password-rules.xml file.
- Save the changes.
For a clustered PingFederate environment, perform these steps on the console node. You do not have to change or restart PingFederate on the engine nodes.