The PingFederate HTML templates utilize the Velocity template engine, an open-source Apache project. For more information about Velocity, please refer to the Velocity project documentation on the Apache website at

You can modify most of these pages in a text editor to suit the particular branding and informational needs of your PingFederate installation. CSS and images for these pages are included in the template/assets subdirectory. Each page contains both Velocity constructs and standard HTML. The Velocity engine interprets the commands embedded in the template page before the HTML is rendered in the user's browser. At runtime, PingFederate supplies values for the Velocity variables used in the template.


You can develop and deploy your own tools using the Velocity tools framework. For a full list of available tools, see Tools Usage Summary in the Apache Velocity documentation.

Each template contains specific variables that can be used for rendering the associated web page. You can see the variables and usage examples in the comments of each template.

The following table describes variables that are available across all templates.

Variable Description and Usage
utils- utility class The utility method to display JSON String arrays. $utils.toJsonArray(Collection<Object>) - Use this method to convert a collection into a JSON string.
$escape A utility class that can be used to escape String variables inserted into the template, such as $escape.escape($ where $ is one of the variables available in the template file.

Use $escape.forJavaScript($variable) when passing String variables into a JavaScript code block or an event handler within a template, such as window.location.replace("$escape.forJavaScript($wreply)") as seen in the sourceid-wsfed-idp-signout-cleanup-template.html template file.


Use the $escape variable to escape external data, such as request parameters, to mitigate the risk of potential cross-site scripting (XSS) attacks.

$HttpServletRequest A Java object instance of javax.servlet.http.HttpServletRequest. Used to add additional knowledge about the request that is otherwise unavailable in the template, such as the User-Agent HTTP header.
$HttpServletResponse A Java object instance of javax.servlet.http.HttpServletResponse. Used to modify the response in the template, such as setting additional browser cookies.
$locale A Java object instance of java.util.Locale that represents a user's country and language. Used to customize the end-user experience. For example, the locale is used to display content in the user's preferred language.
$CurrentPingFedBaseURL The host name found in the request, provided that it matches either the PingFederate's base URL or one of the configured virtual host names.
$PingFedBaseURL The PingFederate base URL.

For most deployments, use the $CurrentPingFedBaseURL variable instead of the $PingFedBaseURL variable.

$templateMessages Used to localize messages in the template, based on user's Locale, an instance of com.pingidentity.sdk.locale.LanguagePackMessages. For more information, see the Javadoc for the LanguagePackMessages class in the directory <pf_install>/pingfederate/sdk/doc.
$TrackingId The user's session tracking ID.

The following describes variables that are available on some templates.

Variable Description

The entity ID (connection ID) of the SP connection used in this SSO transaction.


The name of the SP Connection used in this SSO transaction.


The ID of the OAuth client used in this transaction.


The SP Adapter ID used in this transaction.


The base URL of PingFederate instance.


The IdP Adapter ID used in this transaction.


The value of the OpenID Connect ui_locales parameter that conveys the user's preferred languages and scripts for the user interface.


The extended properties defined on either the connection or OAuth client.


The user's display name, email address, and other user-specific data retrieved from the template type used in this transaction. The $userAttributes variable represents the attributes associated with a user's identity and enables the retrieval of user-specific information across templates.

In Local Identity Profile (LIP)-related templates, the attribute names of $userAttributes are derived from the data store mapping configured in Authentication > Policies > Local Identity Profiles > Data Store Configuration > Data Store Mapping. For example, is an attribute in this context.

In Adapter-related templates, the attribute names of $userAttributes are based on the configured contract in the LDAP-type password credential validator (PCV). For non-LDAP PCVs, the attribute names are derived from the implementation of the SDK method, ResettablePasswordCredential.findUser(). The following attributes are commonly used:

  • userAttributes.userName
  • userAttributes.givenName
  • userAttributes.mail
  • userAttributes.pingid
  • userAttributes.mailVerified
$grantAttributes The attributes of the grant used in this transaction.

Changing Velocity or JavaScript code is not recommended.

At runtime, the user's browser is directed to the appropriate page, depending on the operation being performed and where the related condition occurs. For example, if a single sign-on (SSO) error occurs during identity provider (IdP)-initiated SSO, the user's browser is directed to the IdP's SSO error-handling page.

Applications can override the PingFederate server-hosted pages provided specifically for SSO and single logout (SLO) errors by specifying a URL value in the relevant application endpoint's InErrorResource parameter. Administrators can override SSO and SLO success pages by specifying default URLs on the SP Default URLs window (Applications > Integration > SP Default URLs) or the IdP Default URL window (Authentication > Integration > IdP Default URL).

The Velocity templates retrieve titles and other text from a message-property file,, located in the <pf_install>/pingfederate/server/default/conf/language-packs directory. You can also localize these messages using the PingFederate localization framework.


If you have a clustered PingFederate environment, copy the customized, and localized, templates to each node.

Strict content security policy for HTML templates

Content security policy (CSP) is a security feature that protects against cross-site scripting (XSS) attacks by controlling what resources a web page can load. When creating customizable user-facing pages, ensure that your HTML templates follow a strict CSP to prevent the execution of any unsafe or unauthorized scripts and resources on the user's browser. For more information, see Content Security Policy (CSP) in the Mozilla developer documentation.

PingFederate enforces a CSP on its HTML templates through the <meta> HTML element. The CSP configured though this element varies depending on the template and the use-cases it supports. You can modify the CSP to work with your template customizations and security requirements. The $CSPNonce Velocity variable is available on all templates, and you can use this variable to allow inline scripts and styles by including the nonce in <script> and <script> HTML tags.