Modify the config file in PingDirectory to add the PingOne console.
- In PingOne, go to Applications > Applications.
- Click the application you created to open the details panel.
- Click the Configuration tab and copy the following values to a secure location:
  - Issuer
  - Client ID
  - Client Secret
- Locate the PingDirectory config file at:

      PingDirectory/config/sample-dsconfig-batch-files/enable-pingone-admin-console-sso.dsconfig

- Make a copy of the config file and leave the original file intact.
- Open the copy of the config file in a text editor.
- Replace the variables with the values you copied from PingOne.

      # Create an ID token validator suitable for verifying ID tokens generated
      # by the PingOne service. The "All Admin Users" identity mapper will be used
      # to match users that authenticate with PingOne to either root DN users or
      # topology admin users defined in the server configuration.
      dsconfig create-id-token-validator \
        --validator-name "PingOne ID Token Validator" \
        --type ping-one \
        --set enabled:true \
        --set "identity-mapper:All Admin Users" \
        --set evaluation-order-index:1 \
        --set issuer-url:<PING_ONE_APPLICATION_ISSUER_URL>

      [...]

      # Configure the Administrative Console with your application's client
      # credentials and issuer URI.
      dsconfig set-web-application-extension-prop \
        --extension-name Console \
        --set sso-enabled:true \
        --set oidc-client-id:<PING_ONE_APPLICATION_CLIENT_ID> \
        --set oidc-client-secret:<PING_ONE_APPLICATION_CLIENT_SECRET> \
        --set oidc-issuer-url:<PING_ONE_APPLICATION_ISSUER_URL>

- Run the following dsconfig command.

      dsconfig --batch-file \
        enable-pingone-admin-console-sso-copy.dsconfig \
        --no-prompt
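
A scripted version of the copy-and-replace steps above, as an added example that is not part of the original page or of Ping Identity's tooling. The function name `render_sso_batch` and the `PING_ONE_*` environment variable names are assumptions; the placeholder names are the ones in the sample batch file.

```shell
#!/bin/sh
# Added example, not Ping Identity's code. The PING_ONE_* environment variable
# names and the function name are assumptions made for this sketch.

# render_sso_batch SRC DST: write a filled-in copy of the sample batch file.
# SRC is only read, so the original file stays intact.
render_sso_batch() {
  src=$1; dst=$2
  for v in PING_ONE_ISSUER_URL PING_ONE_CLIENT_ID PING_ONE_CLIENT_SECRET; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "missing $v" >&2; return 1; }
  done
  # OIDC issuer identifiers are https URLs; reject anything else early.
  case $PING_ONE_ISSUER_URL in
    https://*) ;;
    *) echo "issuer URL must start with https://" >&2; return 1 ;;
  esac
  # Create the copy owner-only before the client secret is written into it.
  ( umask 077; : > "$dst" ) && chmod 600 "$dst" || return 1
  # Literal replacement via index/substr: characters such as & / \ in the
  # secret are copied as-is. Values reach awk through its environment, so
  # they do not show up in the process argument list.
  ISSUER=$PING_ONE_ISSUER_URL CID=$PING_ONE_CLIENT_ID SECRET=$PING_ONE_CLIENT_SECRET \
  awk '
    function fill(line, ph, val,    i, out) {
      out = ""
      while ((i = index(line, ph)) > 0) {
        out = out substr(line, 1, i - 1) val
        line = substr(line, i + length(ph))
      }
      return out line
    }
    {
      line = fill($0, "<PING_ONE_APPLICATION_ISSUER_URL>", ENVIRON["ISSUER"])
      line = fill(line, "<PING_ONE_APPLICATION_CLIENT_ID>", ENVIRON["CID"])
      line = fill(line, "<PING_ONE_APPLICATION_CLIENT_SECRET>", ENVIRON["SECRET"])
      print line
    }' "$src" > "$dst" || return 1
  # Fail if any <PING_ONE_APPLICATION_...> placeholder survived.
  if grep -q "<PING_ONE_APPLICATION_[A-Z_]*>" "$dst"; then
    echo "unreplaced placeholder left in $dst" >&2; return 1
  fi
}
```

Call it with the sample file as the first argument and `enable-pingone-admin-console-sso-copy.dsconfig` as the second, then run the `dsconfig --batch-file` command from the last step. The rendered copy holds the client secret in clear text, so remove it once the batch has been applied.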