You must:

  1. In the PingAccess administrative console:
    1. Go to Settings > Token Provider > Runtime > Show Advanced Settings.
    2. Clear the Use Single-Logout check box.

      Screen capture of the the PingAccess Administrative console. System is selected from the Settings menu. There are Advanced settings for Back Channel Servers, Back Channel Secure, Back Channel Base Path, Skip Hostname Verification, Expected Hostname, Use Proxy, Use Single-Logout. The Use Single Logout checkbox is cleared.
    3. Click Save.
  2. In the PingFederate administrative console:
    1. Go to Authentication > Integration > IdP Adapters > Manage Adapter Instances and then select the relevant IdP adapter instance.
      The Create Adapter Instance page opens.
    2. To show the logout related fields, go to the IdP Adapter > Show Advanced Fields.
    3. In the Logout Path field, enter the path with the PingAccess endpoint.
      You can enter any valid path string.

      This value must start with a "/" character. For example, if you enter /mylogoutpath, then the logout path is /ext/mylogoutpath. Don't use a path already used by another adapter, such as /ext/pickup or /ext/dropoff.


      Use an alphanumeric string to minimize the risk of using an invalid value in this field.

    4. In the Logout Redirect field, enter the URL that PingFederate uses to redirect the user after sign off.

      The default Logout Redirect value is https://<pingaccessServer>:3000/pa/oidc/logout.

    5. For PingFederate to display a page using a template, in the Logout Template field, enter the name of the template file.
    6. In the Logout Path field, enter a path with the PingAccess endpoint.

      The default Logout Path value is <pf_install>/server/default/conf/template/

      Screen capture of the PingFederate administrative console in the Create Adapter Instance configuration page. In the middle of the list, the Logout Path and Logout Redirect fields are highlighted in green with values of /logout and, respectively.
    7. Click Done.