1. From the extracted distribution .zip archive, deploy the authentication plug-in jar, dist/PingOpenTokenAuthPlugin.jar, within OAM 11g and create an Authentication Module. For information on authentication plugins see About the Custom Plug-in Life Cycle in the OAM documentation.
  2. The authentication plugin requires the opentoken configuration file (agent-config.txt) which can be obtained through the SP adapter configuration as described in the section below . Specify the location of this file for the authentication plugin property opentokenConfigFile .
  3. Create or update an authentication scheme to use the plug-in deployed in Step 1. Use the following values for the authentication scheme parameters.
    Parameter Value
    Challenge Method Form
    Challenge Redirect URL /oam/server/
    Authentication Module Select the authentication module from step 1.
    Challenge URL http(s)://<PF_HOST:PF_PORT>/ext/pf-oam-authn/sso.ping
    Context Type external
  4. Configure an OAM Webgate to use the updated authentication scheme.