The following table summarizes the ports and protocols that PingFederate Bridge uses to communicate with external components. This information provides guidance for firewall administrators to ensure the correct ports are available across network segments.

Note:

Direction refers to the direction of the initial requests relative to PingFederate Bridge. Inbound refers to requests received by PingFederate Bridge from external components. Outbound refers to requests sent by PingFederate Bridge to external components.

| Service | Protocol, direction, transport, default port | Source | Destination | Description |
| --- | --- | --- | --- | --- |
| Administrative console | HTTPS, inbound, TCP, 9999 | Browsers accessing the administrative console, REST calls to the administrative API, web service calls to the Connection Management Service. Applicable to the console node in a clustered PingFederate environment. | Administrative node | Used for incoming requests to the administrative console. Configurable in the run.properties file. |
| Runtime engine | HTTPS, inbound, TCP, 9031 (and 9032 if configured) | Browsers accessing the runtime server for SSO or SLO; web service calls to the SSO Directory Service; REST calls to the OAuth Client Management Service, the OAuth Access Grant Management Service, the Persistent Grant Management API, and the Session Revocation API. Applicable to all runtime engine nodes in a clustered PingFederate environment. | Runtime engine nodes | Used for incoming requests to the runtime engine. Configurable in the run.properties file. |
| PingOne® for Enterprise integration (if configured) | HTTPS and secure WebSocket, TCP, 443 | PingFederate. Applicable to the console node in a clustered PingFederate environment. | pingone.com | Used for communications between PingFederate and PingOne for the purpose of establishing and maintaining a managed SP connection to PingOne for Enterprise, monitoring of PingFederate from the PingOne admin portal, authenticating end users against the PingOne Directory. |
| Active Directory domains/Kerberos realms (if configured) | Kerberos, outbound, TCP or UDP, 88 | PingFederate | Windows domain controllers | Used for communications between PingFederate and Windows domain controllers for the purpose of Kerberos authentication. |

Note:

For PingID integration, refer to PingID documentation for a list of required URLs and ports.

Furthermore, additional ports may be required depending on the integration kits deployed and the connecting third-party systems; for example, an email server or SMS service provider.
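Because both inbound listeners in the table above are configurable in run.properties, firewall rules should follow the configured values rather than the defaults. The Python below is an added example, not Ping Identity code: it reads a constructed sample file and lists the inbound ports that actually need opening. It assumes the property keys `pf.admin.https.port`, `pf.https.port` and `pf.secondary.https.port`, and that a non-positive value disables a listener.

```python
import re

# Assumed run.properties keys, mapped to (service, default port from the table).
INBOUND_KEYS = {
    "pf.admin.https.port": ("Administrative console", 9999),
    "pf.https.port": ("Runtime engine", 9031),
    "pf.secondary.https.port": ("Runtime engine (secondary)", 9032),
}

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
# HTTPS listeners
pf.admin.https.port=9443
pf.https.port = 9031
pf.secondary.https.port=-1
"""

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def inbound_rules(text):
    """Return [(service, port, is_default)] for each enabled inbound listener."""
    props = parse_properties(text)
    rules = []
    for key, (service, default) in INBOUND_KEYS.items():
        raw = props.get(key)
        if raw is None:
            continue  # fail closed: no key, no firewall opening
        port = int(raw)  # raises ValueError on a non-numeric value
        if port <= 0:
            continue  # assumed convention: listener disabled
        if port > 65535:
            raise ValueError(f"{key}: port {port} out of range")
        rules.append((service, port, port == default))
    return rules

if __name__ == "__main__":
    for service, port, is_default in inbound_rules(SAMPLE):
        note = "default" if is_default else "NON-DEFAULT, update firewall rule"
        print(f"allow inbound tcp/{port:<5} {service} ({note})")
```

A port reported as non-default means a rule written from the table's defaults would leave the real listener blocked and may leave an unused port open.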