PingFederate has a variety of customizable user-facing page templates that apply to identity provider (IdP) pages. The templates are organized by HTML Form Adapter, Kerberos Adapter, single sign-on (SSO), single logout (SLO), WS-Federation, and OpenID Connect (OIDC).
HTML Form Adapter
| Page title and template file name | Purpose | Type | Action |
|---|---|---|---|
| Sign On or Choose an Account identifier.first.template.html |
Prompts a user to provide their username when an Identifier First Adapter instance is invoked to handle a sign on request. | Normal | User input required |
| Sign On html.form.login.template.html |
Displays a customizable user sign-on form when an HTML Form Adapter
instance is invoked to handle a sign on request. If the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support authentication using third-party identity providers, those identity providers are displayed on the sign-on page as well. This is a core HTML template. |
Normal | User input required |
| Change Password html.form.change.password.template.html |
Displayed when a user attempts to change their password through the HTML Form Adapter. | Normal | User input required |
| Change Password html.form.message.template.html |
Displayed when a user successfully changes their password. This is a core HTML template. |
Normal | User input required |
| Password Expiring
html.form.password.expiring.notification.template.html |
Displayed to warn an authenticated user that the password associated
with the account is about to expire. This is a core HTML template. |
Normal | User input required |
| Password Management System Message html.form.message.template.html |
Displayed when a user is being redirected to a password management
system to change their password. This is a core HTML template. |
Normal | User input required |
| Account Recovery forgot-password.html |
Displayed when a user attempts to reset their password through the
HTML Form Adapter. If the user enters a username in the sign-on form, the username carries over to this form. Otherwise, the user must enter their username to begin the self-service password reset process. |
Normal | User input required |
| Account Recovery forgot-password-resume.html |
Displayed to prompt a user to enter the one-time password sent
through a notification or to notify a user to refer to the notification
for password reset instructions. This template is applicable when the password reset type is Email One-Time Link, Email One-Time Password, or Text Message for the invoked HTML Form Adapter instance. |
Normal | User input required |
| Reset Your Password forgot-password-change.html |
Displayed to prompt a user to define a new password. | Normal | User input required |
| Account Recovery forgot-password-success.html |
Displayed when a user successfully resets their password. | Normal | User input required |
| Account Recovery forgot-password-error.html |
Displayed when a password reset attempt fails. | Error | None |
| Unlock Your Account account-unlock.html |
Displayed when a user successfully unlocks their account through the
HTML Form Adapter. This page also prompts the user to retain the current password, or reset it. |
Normal | User input required |
| Security Question html.form.login.challenge.template.html |
Displays a configurable challenge form for two-step authentication. For example, this template can be used to create a RADIUS challenge form when using the RADIUS Username/Password Credential Validator. This is a core HTML template. |
Normal | User input required |
| User Consent consent-form-template.html |
Displayed when a request requires a user’s consent for an SSO to an SP. | Normal | User input required |
| Logout Confirmation idp.slo.confirm.page.template.html |
Displayed when a user initiates a logout request. Applicable only if such confirmation is required, as configured on the window. |
Normal | User input required |
| Sign Off idp.logout.success.page.template.html |
Displayed when a user successfully signs off in a configuration where the Logout Path field is configured but the Logout Redirect field is not. | Normal | None |
| Create Your Account local.identity.registration.html |
Displays a configurable challenge form for two-step authentication.Displayed when a user requests to register for a local
account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service registration. |
Normal | User input required |
| Manage Your Profile local.identity.profile.html |
Displayed when an authenticated user accesses the profile management
endpoint. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to support self-service profile management. |
Normal | User input required |
| Email Verification local.identity.email.verification.sent.html |
Displays a notification that an email ownership verification message
has been sent when an authenticated user accesses the email ownership
verification endpoint. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts. |
Normal | None |
| Email Verified local.identity.email.verification.success.html |
Displays a confirmation that the user has successfully verified the
ownership of the email address associated with the account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts. |
Normal | None |
| Email Verification Error
local.identity.email.verification.error.html |
Displays that the user failed to verify the ownership of the email
address associated with the account. Applicable only if the invoked HTML Form Adapter instance is associated with a local identity profile that is configured to offer users the opportunity to verify the ownership of the email address associated with the accounts. |
Error | User can request another verification email by accessing the email
ownership verification endpoint or the profile management page (if
enabled). Authentication is required. Alternatively, the user can contact their IT administrators for further assistance. |
| Username Recovery username.recovery.template.html |
Displays to prompt the user to enter an email address to recover the
username associated with the account. Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery. |
Normal | User input required |
| Username Recovery username.recovery.info.template.html |
Displays to notify the user to retrieve the notification message with
the recovered username. Applicable only if the invoked HTML Form Adapter instance is configured to support self-service username recovery. |
Normal | User should retrieve the notification message with the recovered username. |
Kerberos Adapter
| Page title and template file name | Purpose | Type | Action |
|---|---|---|---|
| Error kerberos.error.template.html |
Displays an error page to provide standardized information to the end user when the authentication attempt fails. | Error | Consult log |
| (No title) meta.refresh.template.html |
Facilitates the failover mechanism from a Kerberos Adapter instance to the next phase when it is part of a Composite Adapter instance configuration or an authentication policy. | Normal | None |
Single sign-on and logout
| Page title and template file name | Purpose | Type | Action |
|---|---|---|---|
| Select Authentication System
sourceid-choose-idp-adapter-form-template.html |
Displayed when multiple authentication sources are applicable and no preference is submitted as part of the request. | Normal | User input required |
| Sign On Error idp.sso.error.page.template.html |
Displayed when IdP-initiated or adapter-to-adapter SSO fails and no other SSO error landing page is specified. | Error | Consult log and web developer |
| Sign Off Successful idp.slo.success.page.template.html |
Displayed when an SLO request succeeds and no other SLO success landing page is specified. | Normal | None |
| Sign Off Error idp.slo.error.page.template.html |
Displayed when an SLO request fails and no other SLO error landing page is specified. | Error | User should close the browser |
WS-Federation and OpenID Connect
| Page title and template file name | Purpose | Type | Action |
|---|---|---|---|
| Working . . . sourceid-wsfed-http-post-template.html |
Used to auto-submit a WS-Federation assertion to the SP. If
JavaScript is disabled, the user is prompted to click a button to POST
the assertion directly. This page is normally not displayed if JavaScript executes properly. |
Normal | None |
| Signing off. . .
sourceid-wsfed-idp-signout-cleanup-invisible-template.html |
WS-Federation and OIDC client IdP sign-out processing page. No HTML is rendered in the browser. |
Normal | None |
| Sign Off Successful
sourceid-wsfed-idp-signout-cleanup-template.html |
Indicates user signed out of the IdP under the WS-Federation protocol
and lists each successful SP logout, when applicable. Also displays when an OIDC client sends a logout request to the /idp/startSLO.ping endpoint to initiate an Asynchronous Front-Channel Logout process. |
Normal | None |