Ping SDKs

Before you begin

To successfully complete this tutorial, refer to the prerequisites and compatibility requirements in this section.

The tutorial also requires a configured PingFederate server.

Compatibility

iOS

This sample app is compatible with iOS 12 and later.

Prerequisites

Xcode

You can download the latest version for free from https://developer.apple.com/xcode/.

Server configuration

This tutorial requires you to configure your PingFederate server as follows:

Task 1. Register a public OAuth 2.0 client

OAuth 2.0 client application profiles define how applications connect to PingFederate and obtain OAuth 2.0 tokens.

To allow the Ping SDKs to connect to PingFederate and obtain OAuth 2.0 tokens, you must register an OAuth 2.0 client application:

  1. Log in to the PingFederate administration console as an administrator.

  2. Navigate to Applications > OAuth > Clients.

  3. Click Add Client.

    PingFederate displays the Clients | Client page.

  4. In Client ID and Name, enter a name for the profile, for example, sdkPublicClient.

    Make a note of the Client ID value; you will need it when you configure the sample code.

  5. In Client Authentication, select None.

  6. In Redirect URIs, add the following values:

    org.forgerock.demo://oauth2redirect

    Also add any other URLs where you host SDK applications.

    Failure to add redirect URLs that exactly match your client app’s values can cause PingFederate to display an error message such as Redirect URI mismatch when attempting to end a session by redirecting from the SDK.

  7. In Allowed Grant Types, select the following values:

    Authorization Code

    Refresh Token

  8. In the OpenID Connect section:

    1. In Logout Mode, select Ping Front-Channel.

    2. In Front-Channel Logout URIs, add the following values:

      org.forgerock.demo://oauth2redirect

      Also add any other URLs that redirect users to PingFederate to end their session.

      Failure to add sign off URLs that exactly match your client app’s values can cause PingFederate to display an error message such as invalid post logout redirect URI when attempting to end a session by redirecting from the SDK.

    3. In Post-Logout Redirect URIs, add the following values:

      org.forgerock.demo://oauth2redirect

  9. Click Save.

    After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.

    In the PingFederate administration console, navigate to System > Server > Cluster Management, and click Replicate.

    The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the Ping SDK PingFederate example applications and tutorials covered by this documentation.
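
Because steps 6 and 8 require the registered values to exactly match what the client app sends, a pre-flight comparison catches the mismatch before PingFederate does. The following is an added example, not code from the Ping SDKs or from PingFederate; it calls no PingFederate API, and the dictionary keys and function names are labels assumed for this illustration.

```python
"""Pre-flight check: do the app's URIs exactly match the values from Task 1?"""

# Values entered in the PingFederate console in steps 6 and 8 above.
# The keys are labels chosen for this example, not PingFederate field names.
REGISTERED = {
    "Redirect URIs": ["org.forgerock.demo://oauth2redirect"],
    "Front-Channel Logout URIs": ["org.forgerock.demo://oauth2redirect"],
    "Post-Logout Redirect URIs": ["org.forgerock.demo://oauth2redirect"],
}


def _loose(uri):
    """Normalise only to explain a miss; the pass/fail comparison stays exact."""
    return uri.strip().rstrip("/").lower()


def check_uri(field, app_value, registered=REGISTERED):
    """Return (ok, reason) for one URI the app will send to the server."""
    allowed = registered.get(field, [])
    if app_value in allowed:
        return True, "exact match"
    for candidate in allowed:
        if _loose(candidate) == _loose(app_value):
            return False, (f"near miss: differs from {candidate!r} only by "
                           "case, whitespace or a trailing slash")
    return False, f"not registered under {field}"


def check_app(app_config, registered=REGISTERED):
    """Check every URI in an app configuration; return only the failures."""
    failures = {}
    for field, value in app_config.items():
        ok, reason = check_uri(field, value, registered)
        if not ok:
            failures[field] = reason
    return failures


if __name__ == "__main__":
    # Constructed sample: an app configuration with a trailing-slash typo.
    sample = {
        "Redirect URIs": "org.forgerock.demo://oauth2redirect",
        "Post-Logout Redirect URIs": "org.forgerock.demo://oauth2redirect/",
    }
    for field, reason in check_app(sample).items():
        print(f"{field}: {reason}")
```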

Task 2. Configure CORS

Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In PingFederate, you can configure CORS to allow browsers or apps from trusted domains to access protected resources.

To configure CORS in PingFederate, follow these steps:

  1. Log in to the PingFederate administration console as an administrator.

  2. Navigate to System > OAuth Settings > Authorization Server Settings.

  3. In the Cross-Origin Resource Sharing Settings section, in the Allowed Origin field, enter any DNS aliases you use for your SDK apps.

    This documentation assumes the following configuration:

    Property          Values
    Allowed Origin    org.forgerock.demo://oauth2redirect

  4. Click Save.

    After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.

    In the PingFederate administration console, navigate to System > Server > Cluster Management, and click Replicate.

    Your PingFederate server is now able to accept connections from origins hosting apps built with the Ping SDKs.