The following information addresses technical situations that you might encounter after setting up the PingOne Protect Integration Kit.
Using the Risk Provider with PingFederate 11.3 results in the following error:
Refused to load https://apps.<PingOne regional domain>/signals/sdk/pong.css?body=H0kaJgZiVxYYAC0DFghGXkdwQwNFRkdLMgFVRgIEGy9PDhApCgoLA0BXCEkU&e=2 because it does not appear in the style-src directive of the Content Security Policy.
Update the HTML form template in $PF_HOME/server/default/conf/templates.
HTML pages implementing ContentSecurityPolicy restrictions might
require updating the
For example, PingFederate 11.3 has updated default templates with
strict CSP settings. To use the
For more information on your PingOne regional domain, see IP address and domain reference in the PingOne documentation.
Include Device Profile is selected in the adapter configuration, but the device profile does not affect the risk result or appear in the response from PingOne Protect.
When this setting is enabled, it is possible for an error to prevent the device profile from reaching PingOne Protect.
Because PingOne Protect considers the device profile to be optional, it still successfully returns a risk evaluation to the adapter. The adapter logs a warning in the PingFederate error log about the missing device profile and returns a Success result to the authentication policy. As a result, the process succeeds but no device profile information is available.
To address the problem generating or sending the device profile, review the steps in Integrating device profiling. Make sure you have completed the correct set of steps (authentication page versus web application) and completed the steps exactly as described.