To set up
Ensure that you have:
- A licensed version of PingFederate 10.1.2 or later
- A licensed version of PingOne
- A text editor or terminal
- The Environment Admin role in PingOne to set up SSO to PingFederate
On the Overview page, locate the PingFederate tile and click
Configure Administrator SSO.
Enter the URL for the PingFederate administrative console.
- Click Save and Continue.
Copy the provided
OpenID Connect (OIDC)settings to the oidc.properties file on the PingFederate administrative server. OpenID Connect (OIDC) OIDC An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.
The following three unique parameters allow administrators to use SSO into PingFederate 11.2 or later from any PingOne environment if they have the proper admin roles assigned for the environment. For more information, see Roles.
Request Parameter Value
The request parameter's name. The value is iss.
This field is required. Do not use
URLencoding for the name. URL URL (Uniform Resource Locator) Identifies a resource according to its Internet location.
The default value of the request parameter. The value is the authorization endpoint of the current environment if the admin identity resides in the current environment.
- If this parameter is not included in the request, the default value will be included in the authorization request.
- If this parameter is not included in the request, and no default value is specified, the parameter will not be included in the authorization request.
- This field is optional when request.parameter.overridable.1 is set to true.
Specifies whether the request parameter can be overridden at runtime. The value is set to true, which allows the admin identity’s home environment to override the value.
This field is optional. Possible values are true or false. If not specified, the default is false.
If this property is set to false, the request.parameter.default.value.1 will always be included in the authorization request and cannot be overridden.
- Click Next.
Copy the provided Run.properties file attribute value to the
run.properties file on the PingFederate administrative
- Click Next.
- Restart the PingFederate server.