Combine PingFederate 10.1 with PingAccess 6.1 in a basic configuration to perform a proof of concept for protecting web applications. To set up this proof of concept, configure PingFederate for PingAccess connectivity.
To configure PingFederate for PingAccess connectivity, use the PingFederate console.
- To verify PingFederate roles and protocols, go to System > Server > Protocol Settings, and then proceed to Enabling PingFederate roles and protocols.
  Note: In PingFederate 10.1.x, all necessary roles and protocols are turned on by default.
- To verify the password credential validator (PCV) created during the setup process in Setting up PingFederate 10.1, go to System > Data & Credential Stores > Password Credential Validators.
  You see a PCV that corresponds with the directory that you set up.
  Note: If there is no PCV displayed, see Creating a password credential validator.
- To verify the IdP adapter created in the setup process, go to Authentication > Integration > IdP Adapters.
  You see an HTML form adapter associated with the PCV in step 2.
  Note: If no IdP adapter is displayed, see Configuring an IdP adapter.
- To define the default scope, go to System > OAuth Settings > Scope Management. Proceed to Defining the default scope.
- To create an access token manager, go to Applications > OAuth > Access Token Management.
  From Token Management, proceed to Creating an access token manager.
- Define an authentication policy contract.
  - Go to Authentication > Policies > Policy Contracts.
  - Click Create New Contract.
  - In the Contract Name field, enter a name for your contract.
  - Click Next until you reach the Summary section. Click Save.
  Note: Configuring a policy contract instead of configuring an IdP adapter mapping enables more advanced and flexible authentication policies.
- Configure a policy contract grant mapping.
  - Go to Security > Authentication > OAuth > Policy Contract Grant Mapping.
  - From the Policy Contract list, select the policy you just created. Click Add Mapping.
  - Click Next until you reach the Contract Fulfillment section.
  - From the Source list, select Authentication Policy Contract for both User_Key and User_Name contracts.
  - From the Value list, select Subject for both User_Key and User_Name contracts.
  - Click Next until you reach the Summary section. Click Save.
- To configure an access token mapping, go to Applications > OAuth > Access Token Mapping. Proceed to Configuring an access token mapping.
- To create an OpenID Connect policy, go to Applications > OAuth > OpenID Connect Policy Management. Proceed to Creating an OpenID Connect policy.
- To create a resource server client, go to Applications > OAuth > Clients. Proceed to Creating a resource server client.
- To create a web session client, go to Applications > OAuth > Clients. Proceed to Creating a web session client.
- Create and export a certificate from PingFederate to PingAccess.
  - Go to Security > Certificate & Key Management > SSL Server Certificates.
  - Click Create New.
  - In the Common Name field, enter the PingFederate server address.
    Note: This should match the Your Domain Name entry in step 3a in Setting up PingFederate 10.1.
  - In the Organization field, enter your organization's name.
  - In the Country field, enter the two-letter abbreviation for your country.
  - Complete the remaining fields as required.
  - Click Next.
  - Click Save.
  - In the Action section, click Activate Default for Runtime Server.
  - In the Action section, click Activate Default for Admin Console.
  - In the Action section, click Export.
  - Click Certificate Only. Click Next.
  - Click Export, and then save the exported certificate.
  - Click Done.
  Tip: To avoid confusion, you can delete the default localhost certificate that appears in the certificate list. In the Action section, select Deactivate, and then click Delete.
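
Added example (not part of the original procedure or of Ping Identity's documentation): a bash check for the file saved in the export step, confirming that it holds only a certificate, that its Common Name matches the PingFederate server address, and that it has not expired. It assumes the export is PEM-encoded and that the `openssl` CLI is installed; `pf.example.com` and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a certificate file exported with "Certificate Only".
# Assumes a PEM-encoded export and the openssl CLI on PATH.

# Print the subject Common Name of the certificate in file $1.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p' | head -n 1
}

# check_exported_cert FILE EXPECTED_HOST
# Returns 0 only if FILE holds no private key, parses as X.509, has a CN equal
# to EXPECTED_HOST (case-insensitive), and has not expired.
check_exported_cert() {
  local file=$1 expected=$2 cn
  if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$file"; then
    echo "FAIL: $file contains a private key; re-export as Certificate Only" >&2
    return 1
  fi
  if ! openssl x509 -in "$file" -noout 2>/dev/null; then
    echo "FAIL: $file is not a PEM X.509 certificate" >&2
    return 1
  fi
  cn=$(cert_cn "$file")
  if [ "$(printf '%s' "$cn" | tr '[:upper:]' '[:lower:]')" != \
       "$(printf '%s' "$expected" | tr '[:upper:]' '[:lower:]')" ]; then
    echo "FAIL: CN '$cn' does not match '$expected'" >&2
    return 1
  fi
  if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null; then
    echo "FAIL: certificate has expired" >&2
    return 1
  fi
  # SHA-256 fingerprint, for out-of-band comparison after the file is transferred.
  openssl x509 -in "$file" -noout -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed pair for pf.example.com
# (hypothetical host). Writes $1/cert.pem and $1/key.pem.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=pf.example.com/O=Example/C=US" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Usage: script.sh exported.crt pf.example.com
if [ "$#" -eq 2 ]; then check_exported_cert "$1" "$2"; fi
```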