Install the Credential Provider and note the path to the CyberArk SDK file, JavaPasswordSDK.jar. The CyberArk website provides more information about the CyberArk Credential Provider and how to install it.

The Credential Provider supports the following authentication methods: allowed machines, OS user, path, and hash.

Diagram of CyberArk server integrated with PingFederate server

To integrate PingFederate with the CyberArk Credential Provider:

  1. Set the path for the CyberArk SDK .jar file, JavaPasswordSDK.jar, in PingFederate, ensuring that the path you set reflects the location of the file you installed.
    • If PingFederate is running on a Linux system, add the classpath to the run.sh script.
      ... 
cyberarksdkjar="/opt/CARKaim/sdk/javapasswordsdk.jar"
# Set variable here BEFORE the lines below in run.sh. 

# If cyberarksdkjar is set, check that the file exists and add it to the classpath. 
if [ "x$cyberarksdkjar" != "x" ]; then 
  if [ ! -f "$cyberarksdkjar" ]; then 
    die "Missing $cyberarksdkjar" 
  else 
    PF_BOOT_CLASSPATH="$PF_BOOT_CLASSPATH:$cyberarksdkjar" 
  fi 
fi 
...
    • If PingFederate is running on a Microsoft system, add the classpath to the run.bat script.
      ... 
set "CYBERARKJAR=%ProgramFiles(x86)%\CyberArk\ApplicationPasswordSdk\JavaPasswordSDK.jar"
REM Set variable here BEFORE the lines below in run.bat. 

REM If CYBERARKJAR is set, check that the file exists and add it to the classpath. 
if NOT ["!CYBERARKJAR!"] == [""] ( 
  if not exist "%CYBERARKJAR%" ( 
    echo Missing "%CYBERARKJAR%" 
    EXIT /B 1 
  ) else ( 
    set PF_CLASSPATH=%PF_CLASSPATH%;!CYBERARKJAR! 
  ) 
) 
...
    • If PingFederate is running as a Microsoft Windows service, add the classpath to the PingFederateService.conf configuration file.
      ...
wrapper.java.classpath.9=%ProgramFiles(x86)%/CyberArk/ApplicationPasswordSdk/JavaPasswordSDK.jar
...
  2. Restart the PingFederate server.

After integrating PingFederate with the CyberArk Credential Provider, you can: