The PingFederate Apache Agent is represented by the <apache_home>/conf/mod_pf.conf Apache module (dynamic library) and an auxiliary OpenToken library. The behavior of the Apache Agent is controlled by properties contained in the mod_pf.conf file.
  1. Download the Apache Linux Integration Kit .zip archive from the Ping Identity Integration Directory.
  2. From the Apache Linux Integration Kit .zip archive, copy the contents of the apache-agent/lib directory that corresponds to your version of Linux into your Apache /modules directory. If the files already exist, overwrite them.

    For an Apache HTTP Server running on Canonical Ubuntu 20.04, use the modules found in the subdirectory: Apache_2.4/Ubuntu20_64.

  3. For new installations, from the integration-kit apache-agent/config directory, copy the mod_pf.conf, start_page_template.html, and the error_page_template.html files into the /conf directory of your Apache installation.
  4. Copy the agent-config.txt file that you downloaded in Configuring an OpenToken SP Adapter instance to the Apache /conf folder.
  5. If you are using Security Enhanced Linux, run the following commands as the root user.
    chcon --reference /usr/sbin/httpd /etc/httpd/modules/
    chcon --reference /usr/sbin/httpd /etc/httpd/modules/

    This allows the agent to run in the httpd context.


    The paths above assume the default Linux installation.

  6. Add the following in the Apache httpd.conf file above any other LoadModule statements:
    LoadModule access_compat_module modules/
    LoadFile modules/
    LoadModule pf_module modules/
    PingFederateConfigurationFile conf/mod_pf.conf
  7. Add the following within all Directory contexts that should be handled by the Agent.
    AuthType PFApacheAgent

    Use a "deny by default" configuration for all directories that you want the Apache Agent to protect.

    Order Deny,Allow
    Deny from all

    For more AuthType examples, see Apache Integration Kit AuthType examples in the Ping Identity Knowledge Base.

  8. Restart Apache.