The following table summarizes the ports and protocols that PingFederate Bridge uses to communicate with external components. This information provides guidance for firewall administrators to ensure the correct ports are available across network segments.
Direction refers to the direction of the initial requests relative to PingFederate Bridge. Inbound refers to requests received by PingFederate Bridge from external components. Outbound refers to requests sent by PingFederate Bridge to external components.
Service | Protocol, direction, transport, default port | Source | Destination | Description |
---|---|---|---|---|
Administrative console | HTTPS, inbound, TCP, 9999 | Browsers accessing the administrative console, REST calls to the administrative API, web service calls to the Connection Management Service. Applicable to the console node in a clustered PingFederate environment. | Administrative node | Used for incoming requests to the administrative console. Configurable in the run.properties file. |
Runtime engine | HTTPS, inbound, TCP, 9031 (and 9032 if configured) | Browsers accessing the runtime server for SSO or SLO; web service calls to the SSO Directory Service; REST calls to the OAuth Client Management Service, the OAuth Access Grant Management Service, the Persistent Grant Management API, and the Session Revocation API. Applicable to all runtime engine nodes in a clustered PingFederate environment. | Runtime engine nodes | Used for incoming requests to the runtime engine. Configurable in the run.properties file. |
PingOne® for Enterprise integration (if configured) | HTTPS and secure WebSocket, TCP, 443 | PingFederate. Applicable to the console node in a clustered PingFederate environment. | pingone.com | Used for communications between PingFederate and PingOne for the purpose of establishing and maintaining a managed SP connection to PingOne for Enterprise, monitoring of PingFederate from the PingOne admin portal, and authenticating end users against the PingOne Directory. |
Active Directory domains/Kerberos realms (if configured) | Kerberos, outbound, TCP or UDP, 88 | PingFederate | Windows domain controllers | Used for communications between PingFederate and Windows domain controllers for the purpose of Kerberos authentication. |
For PingID integration, refer to PingID documentation for a list of required URLs and ports.
Furthermore, additional ports may be required depending on the integration kits deployed and the connecting third-party systems; for example, an email server or SMS service provider.
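Because the inbound ports are configurable in run.properties, a firewall review should start from the configured values rather than the defaults in the table. The following Python is an added example, not part of the Ping Identity documentation: it derives the required openings from a run.properties file and compares them with the rules a firewall currently permits. The property names (`pf.admin.https.port`, `pf.https.port`, `pf.secondary.https.port`) and the meaning of `-1` are assumptions based on a standard run.properties file and do not appear on this page; the sample file content is constructed.

```python
# Added example: derive the firewall openings the table calls for from run.properties.
# Property names are assumed from a standard PingFederate run.properties file.

SAMPLE_RUN_PROPERTIES = """\
# constructed sample, not a real deployment
pf.admin.https.port=9999
pf.https.port=9031
pf.secondary.https.port=9032
"""

# Defaults from the table; -1 for the secondary port is assumed to mean "disabled".
DEFAULTS = {"pf.admin.https.port": "9999", "pf.https.port": "9031",
            "pf.secondary.https.port": "-1"}


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comment lines."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def expected_rules(props, pingone=False, kerberos=False):
    """Return the set of (direction, transport, port, peer) openings required."""
    rules = {("inbound", "tcp", int(props["pf.admin.https.port"]), "admin node"),
             ("inbound", "tcp", int(props["pf.https.port"]), "engine nodes")}
    secondary = int(props["pf.secondary.https.port"])
    if secondary > 0:
        rules.add(("inbound", "tcp", secondary, "engine nodes"))
    if pingone:  # PingFederate initiates the connection, so this is outbound
        rules.add(("outbound", "tcp", 443, "pingone.com"))
    if kerberos:  # the table lists TCP or UDP, so both transports are required
        rules.add(("outbound", "tcp", 88, "domain controllers"))
        rules.add(("outbound", "udp", 88, "domain controllers"))
    return rules


def audit(expected, allowed):
    """Compare required openings with what the firewall currently permits."""
    return {"missing": sorted(expected - allowed),
            "unexpected": sorted(allowed - expected)}
```

Entries under `unexpected` are openings on the PingFederate hosts that the table does not account for and should be justified by an integration kit or removed.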