CyberArk administrators can configure one or more authentication methods between the CyberArk Credential Provider and its Vault.
- OS user
- Allowed machines
For information about CyberArk's authentication methods, see Application authentication methods in the CyberArk documentation.
The following sections provide additional information specific to using the hash authentication method and OS user authentication method with PingFederate.
Hash authentication method
For information about using the hash authentication method, see Authenticate with a hash value in the CyberArk documentation.
The hash changes when you perform a major or minor upgrade, or a maintenance update, of PingFederate. So you must regenerate the hash after an upgrade or update, otherwise PingFederate won’t be able to retrieve credentials from CyberArk.
The following syntax and examples show how to use CyberArk's aimgetappinfo utility to generate a hash in Linux and Windows environments.
aimgetappinfo GetHash -FilePath "<path to>/pf-core-plugins.jar"
Linux example command and its output
/opt/CARKaim/bin$ ./aimgetappinfo GetHash -FilePath "/home/imok/Downloads/pingfederate-11.0.0/pingfederate/server/default/lib/pf-core-plugins.jar" <generated hash> Command ended successfully
AIMGetAppInfo GetHash /FilePath "<path to>\pf-core-plugins.jar"
Windows example command and its output
C:\Program Files (x86)\CyberArk\ApplicationPasswordProvider\Utils>AIMGetAppInfo GetHash /FilePath "C:\Users\Administrator\Downloads\pingfederate-11.0.0\pingfederate\server\default\lib\pf-core-plugins.jar" <generated hash> Command ended successfully
OS user authentication method
For information about the OS user authentication method, see OS user authentication in the CyberArk documentation.
In a Windows environment, if the PingFederate Windows service is installed or configured with Log On As: Local System, the CyberArk admin must enter NT AUTHORITY\SYSTEM as the OS user entry.