Preparing PingFederate for PingAccess connectivity

Combine PingFederate 10.1 with PingAccess 6.1 in a basic configuration to perform a proof of concept for protecting web applications. To set up this proof of concept, configure PingFederate for PingAccess connectivity.

To configure PingFederate for PingAccess connectivity, use the PingFederate console.

  1. To verify PingFederate roles and protocols, go to System > Server > Protocol Settings, and then proceed to Enabling PingFederate roles and protocols.

    In PingFederate 10.1.x, all necessary roles and protocols are turned on by default.

  2. To verify the password credential validator (PCV) created during the setup process in Setting up PingFederate 10.1, go to System > Data & Credential Stores > Password Credential Validators.
    You see a PCV that corresponds with the directory that you set up.

    If there is no PCV displayed, see Creating a password credential validator.

  3. To verify the IdP adapter created in the setup process, go to Authentication > Integration > IdP Adapters.
    You see an HTML form adapter associated with the PCV in step 2.

    If no IdP adapter is displayed, see Configuring an IdP adapter.

  4. To define the default scope, go to System > OAuth Settings > Scope Management. Proceed to Defining the default scope.
  5. To create an access token manager, go to Applications > OAuth > Access Token Management.

    From Token Management, proceed to Creating an access token manager.

  6. Define an authentication policy contract.
    1. Go to Authentication > Policies > Policy Contracts.
    2. Click Create New Contract.
    3. In the Contract Name field, enter a name for your contract.
    4. Click Next until you reach the Summary section. Click Save.

    Configuring a policy contract instead of configuring an IdP adapter mapping enables more advanced and flexible authentication policies.

  7. Configure a policy contract grant mapping.
    1. Go to Security > Authentication > OAuth > Policy Contract Grant Mapping.
    2. From the Policy Contract list, select the policy you just created. Click Add Mapping.
    3. Click Next until you reach the Contract Fulfillment section.
    4. From the Source list, select Authentication Policy Contract for both User_Key and User_Name contracts.
    5. From the Value list, select Subject for both User_Key and User_Name contracts.
    6. Click Next until you reach the Summary section. Click Save.
  8. To configure an access token mapping, go to Applications > OAuth > Access Token Mapping. Proceed to Configuring an access token mapping.
  9. To create an OpenID Connect policy, go to Applications > OAuth > OpenID Connect Policy Management. Proceed to Creating an OpenID Connect policy.
  10. To create a resource server client, go to Applications > OAuth > Clients. Proceed to Creating a resource server client.
  11. To create a web session client, go to Applications > OAuth > Clients. Proceed to Creating a web session client.
  12. Create and export a certificate from PingFederate to PingAccess.
    1. Go to Security > Certificate & Key Management > SSL Server Certificates.
    2. Click Create New.
    3. In the Common Name field, enter the PingFederate server address.

      This should match the Your Domain Name entry in step 3a in Setting up PingFederate 10.1.

    4. In the Organization field, enter your organization's name.
    5. In the Country field, enter the two-letter abbreviation for your country.
    6. Complete the remaining fields as required.
    7. Click Next.
    8. Click Save.
    9. In the Action section, click Activate Default for Runtime Server.
    10. In the Action section, click Activate Default for Admin Console.
    11. In the Action section, click Export.
    12. Click Certificate Only. Click Next.
    13. Click Export, and then save the exported certificate.
    14. Click Done.

    To avoid confusion, you can delete the default localhost certificate that appears in the certificate list. In the Action section, select Deactivate, and then click Delete.
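
Before importing the file exported in step 12 into PingAccess, you can confirm that it holds only the certificate, that its Common Name matches the PingFederate server address, and that it has not expired. The shell function below is an added example, not part of the product documentation; it assumes openssl is installed, and the file name and host name in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: sanity-check the certificate exported from PingFederate
# before it is imported into PingAccess. Assumes openssl is installed.

check_pf_cert() (
    cert=$1   # exported certificate file
    host=$2   # PingFederate server address entered as the Common Name

    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }

    # A "Certificate Only" export must not carry key material.
    if grep -q 'PRIVATE KEY' "$cert"; then
        echo "FAIL: $cert contains a private key; re-export as Certificate Only" >&2
        return 1
    fi

    # Accept PEM, fall back to DER.
    form=PEM
    openssl x509 -in "$cert" -inform PEM -noout 2>/dev/null || form=DER
    openssl x509 -in "$cert" -inform "$form" -noout 2>/dev/null ||
        { echo "FAIL: $cert is not an X.509 certificate" >&2; return 1; }

    # The Common Name must equal the PingFederate server address.
    cn=$(openssl x509 -in "$cert" -inform "$form" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    if [ "$cn" != "$host" ]; then
        echo "FAIL: Common Name '$cn' does not match '$host'" >&2
        return 1
    fi

    # Reject a certificate that has already expired.
    openssl x509 -in "$cert" -inform "$form" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; return 1; }

    # Print the SHA-256 fingerprint so it can be compared after the import.
    openssl x509 -in "$cert" -inform "$form" -noout -fingerprint -sha256 | cut -d= -f2
)

# Usage (placeholder file and host names):
#   check_pf_cert ./pingfederate.crt pf.example.com
```

Compare the printed fingerprint with the one PingAccess displays for the certificate after import.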

You are ready to connect PingAccess to PingFederate.