Operating systems and virtualization

Note:

PingFederate is tested with default configurations of operating-system components. If your organization customizes implementations or installs third-party plug-ins, deployment efforts might affect the PingFederate server.

Component Supported versions

Operating systems

  • Amazon Linux 2 and 2022
  • Canonical Ubuntu 18.04 LTS and 20.04 LTS
  • Microsoft Windows Server 2012 R2, 2016, 2019, and 2022
  • Oracle Linux (Red Hat Compatible Kernel) 7.9 and 8.6
  • Red Hat Enterprise Linux ES 7.9 and 8.6
  • SUSE Linux Enterprise 12 SP5 and 15 SP4
Note:

If you have a Windows Server 2012 R2 environment, you should upgrade to a later version. For more information, including the end of support for Windows Server 2012 R2 in July 2023, see Upgrade considerations introduced in PingFederate 10.x.

Docker support

  • Docker version: 20.10.21

    View the PingFederate Docker image on DockerHub. Visit Ping Identity’s DevOps documentation for more information. Note that only the PingFederate software is licensed under Ping Identity’s end user license agreement, and any other software components contained within the image are licensed solely under the terms of the applicable open source or third-party license.

    Note:

    Ping Identity accepts no responsibility for the performance of any specific virtualization software and in no way guarantees the performance or interoperability of any virtualization software with its products.

Virtualization

Although Ping Identity does not qualify or recommend any specific virtual-machine (VM) or container products other than those already specified, PingFederate has run well on several, including Hyper-V, VMWare, and Xen.

Note:

The list of products is provided for example purposes only. We view all products in this category equally. Ping Identity accepts no responsibility for the performance of any specific virtualization software and in no way guarantees the performance, interoperability, or both of any VM or container software with its products.

Java environment

  • Amazon Corretto 8, 11, and 17
  • OpenJDK 11 and 17
  • Oracle Java SE Development Kit 11 LTS and 17 LTS
  • Oracle Java SE Runtime Environment (Server JRE) 8
Note:

Ping Identity Java Support Policy applies. For more information, see Java Support Policy in the Ping Identity Knowledge Base.

Important:

PingFederate does not support any JDK 11 version prior to 11.0.4 due to an error covered in the Oracle Java Bug Database.

Browsers

Server Supported browsers

Runtime server

  • Apple Safari
  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Apple iOS 15 (Safari)
  • Google Android 11 (Chrome)

Administrative server

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox

TLS protocol

Runtime server and administrative server
  • TLS 1.2 and 1.3

Datastore integration

Functionality Supported versions

User-attribute lookup

  • PingDirectory 8.3, 9.0, 9.1, 9.2
  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)
  • Aurora PostgreSQL (compatible with PostgreSQL 14.3)
  • Microsoft Active Directory 2012 R2 and 2016
  • Microsoft SQL Server 2016 SP2, 2017, and 2019
  • Oracle Database 12c Release 2 and 19c
  • Oracle MySQL 8.0
  • Oracle Unified Directory 12c
  • PostgreSQL 11 and 13
  • Custom implementation through the PingFederate SDK

SaaS or SCIM outbound provisioning

Provisioning channel data source
  • PingDirectory 8.3, 9.0, 9.1, 9.2
  • Microsoft Active Directory 2012 R2 and 2016
  • Oracle Unified Directory 12c
Provisioning internal datastore
  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)
  • Aurora PostgreSQL (compatible with PostgreSQL 14.3)
  • Microsoft SQL Server 2016 SP2, 2017, and 2019
  • Oracle Database 12c Release 2 and 19c
  • Oracle MySQL 8.0
  • PostgreSQL 11 and 13

SCIM inbound provisioning

  • Microsoft Active Directory 2012 R2 and 2016
  • Custom implementation through the PingFederate SDK

Just-in-time (JIT) inbound provisioning

  • PingDirectory 8.3, 9.0, 9.1, 9.2
  • Microsoft Active Directory 2012 R2 and 2016
  • Microsoft SQL Server 2016 SP2, 2017, and 2019
  • Oracle Unified Directory 12c

Account linking

  • PingDirectory 8.3, 9.0, 9.1, 9.2
  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)
  • Aurora PostgreSQL (compatible with PostgreSQL 14.3)
  • Microsoft Active Directory 2012 R2 and 2016
  • Microsoft SQL Server 2016 SP2, 2017, and 2019
  • Oracle Database 12c Release 2 and 19c
  • Oracle MySQL 8.0
  • Oracle Unified Directory 12c
  • PostgreSQL 11 and 13

OAuth client configuration and persistent grants

  • PingDirectory 8.3, 9.0, 9.1, 9.2
  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)
  • Aurora PostgreSQL (compatible with PostgreSQL 14.3)
  • Amazon DynamoDB (persistent grant only)
  • Microsoft Active Directory 2012 R2 and 2016
  • Microsoft SQL Server 2016 SP2, 2017, and 2019
  • Oracle Database 12c Release 2 and 19c
  • Oracle MySQL 8.0
  • Oracle Unified Directory 12c
  • PostgreSQL 11 and 13
  • Custom implementation through the PingFederate SDK

Registration and profile management of local identities

  • PingDirectory 8.3, 9.0, 9.1, 9.2

Persistent authentication sessions

  • PingDirectory 8.3, 9.0, 9.1, 9.2
  • Aurora MySQL 3.02.0 (compatible with MySQL 8.0.23)
  • Aurora PostgreSQL (compatible with PostgreSQL 14.3)
  • Microsoft SQL Server 2016 SP2, 2017, and 2019
  • Oracle Database 12c Release 2 and 19c
  • Oracle MySQL 8.0
  • PostgreSQL 11 and 13
  • Custom implementation through the PingFederate SDK
Note:

If you have Microsoft Active Directory environments on the 2012 R2 functional level, you should upgrade to a later version. For more information, including the end of support for the 2012 R2 functional level in July 2023, see Upgrade considerations introduced in PingFederate 10.x.

Note:

PingFederate was tested with vendor-specific Java database connectivity (JDBC) 4.2 drivers. For more information, see Compatible database drivers.

Secret manager (optional)

CyberArk Credential Provider 12

Hardware security modules (optional)

Note:

When integrating with an AWS CloudHSM hardware security module (HSM) or Thales Luna HSM, you must deploy with an Oracle Server Java Runtime Environment (JRE), OpenJDK, or Amazon Corretto distribution of Java 8 or 11.

When integrating with an Entrust nShield Connect HSM, you must deploy with Oracle Server JRE (Java SE Runtime Environment).

Hardware security module Supported versions

AWS CloudHSM

  • Client software version: 5.7.0

    PingFederate must be deployed on one of the Linux or Windows operating systems supported by both AWS CloudHSM and PingFederate.

Entrust nShield Connect HSMs (in FIPS 140-2 Level 3 mode)

  • Host and Firmware version: 12.40.0
  • Client driver version: 12.40.2
  • Hardware Models: 6000+ and XC High

Thales Luna Cloud HSM Services and Luna Network HSM

Minimum hardware requirements

  • Multi-core Intel Xeon processor or higher

    4 CPU/Cores recommended

  • 4 GB of RAM

    1.5 GB available to PingFederate

  • 1 GB of available hard drive space
Note:

Although it's possible to run PingFederate on less powerful hardware, the guidelines provided accommodate disk space for default logging, auditing profiles, and CPU resources for a moderate level of concurrent request processing.