Administrators with the Admin role can activate and configure authentication for Attribute Query, Java Management Extensions (JMX), and SSO Directory Service.
If you are using the SAML 2.0 Attribute Query profile as a service provider (SP), then the requesting applications at your site must authenticate to the PingFederate server. For more information, see Attribute Query and XASP and the /sp/startAttributeQuery.ping SP application endpoint.
Authentication is required to access PingFederate runtime data via JMX (see Runtime monitoring using JMX) or to make SOAP calls to the Connection Management Service. Authentication is optional for the SSO Directory Service. For more information, see Web service interfaces and APIs and SSO Directory Service.
To help ensure network security, access to all of these services is deactivated when PingFederate is first installed.
To activate and configure authentication for the Connection Management Service, grant the administrators all three administrative roles: Admin, Crypto, and User Admin. For more information, see Connection Management Service.
To enable a service:
- On , select for your desired service.
Enter or modify) the service account ID and define or
reset the Shared Secret.
You and the application developer must agree to these values.Tip:
Authentication is optional for the SSO Directory Service.
To disable a service, on Deactivate under
Action for your desired service.
, select Note:
Although not accessible when deactivated, the Connection Management Service and the SSO Directory Service are deployed by default with PingFederate. If your organization does not plan to use one or both of these services, you can remove the following WAR file or files:
- <pf_install>/pingfederate/server/deploy2/pf-mgmt-ws.war for the Connection Management Service
- <pf_install>/pingfederate/server/deploy/pf-ws.war for the SSO Directory Service