--- title: Before you begin description: Prepare component: sdks version: latest page_id: sdks:oidc:tutorials/ios/pingfed/00_before-you-begin canonical_url: https://docs.pingidentity.com/sdks/latest/oidc/tutorials/ios/pingfed/00_before-you-begin.html revdate: Mon, 3 Jul 2023 18:00:37 +0100 keywords: ["OAuth 2.0", "OpenID Connect", "Tutorial", "Source Code", "Integration", "SDK", "iOS"] section_ids: compatibility: Compatibility prerequisites: Prerequisites server_configuration: Server configuration --- # Before you begin * **Prepare** * [Download](01_downloading-forgerocksdk.html) * [Configure](02_configuring-sample-for-pingfed.html) * [Run](03_running-sample-pingfed.html) *** To successfully complete this tutorial refer to the prerequisites and compatibility requirements in this section. The tutorial also requires a configured PingFederate server. ## Compatibility * iOS This sample app is compatible with iOS 12 and later. ## Prerequisites * Xcode You can download the latest version for free from . ## Server configuration This tutorial requires you to configure your PingFederate server as follows: > **Collapse: Task 1. Register a public OAuth 2.0 client** > > OAuth 2.0 client application profiles define how applications connect to PingFederate and obtain OAuth 2.0 tokens. > > To allow the Ping (ForgeRock) SDKs to connect to PingFederate and obtain OAuth 2.0 tokens, you must register an OAuth 2.0 client application: > > 1. Log in to the PingFederate administration console as an administrator. > > 2. Navigate to **Applications** [icon: angle-right, set=fa] **OAuth** [icon: angle-right, set=fa] **Clients**. > > 3. Click **Add Client**. > > PingFederate displays the **Clients | Client** page. > > 4. In **Client ID** and **Name**, enter a name for the profile, for example `sdkPublicClient` > > Make a note of the **Client ID** value, you will need it when you configure the sample code. > > 5. In **Client Authentication**, select `None`. > > 6. In **Redirect URIs**, add the following values: > > `org.forgerock.demo://oauth2redirect` > > | | | > | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | > | | Also add any other URLs where you host SDK applications.Failure to add redirect URLs that exactly match your client app's values can cause PingFederate to display an error message such as `Redirect URI mismatch` when attempting to end a session by redirecting from the SDK. | > > 7. In **Allowed Grant Types**, select the following values: > > `Authorization Code` > > `Refresh Token` > > 8. In the **OpenID Connect** section: > > 1. In **Logout Mode**, select **Ping Front-Channel** > > 2. In **Front-Channel Logout URIs**, add the following values: > > `org.forgerock.demo://oauth2redirect` > > | | | > | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | > | | Also add any other URLs that redirect users to PingFederate to end their session.Failure to add sign off URLs that exactly match your client app's values can cause PingFederate to display an error message such as `invalid post logout redirect URI` when attempting to end a session by redirecting from the SDK. | > > 3. In **Post-Logout Redirect URIs**, add the following values: > > `org.forgerock.demo://oauth2redirect` > > 9. Click Save. > > | | | > | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | > | | After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.In the PingFederate administration console, navigate to **System > Server > Cluster Management**, and click **Replicate**. | > > The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the Ping (ForgeRock) SDK PingFederate example applications and tutorials covered by this documentation. > **Collapse: Task 2. Configure CORS** > > [Cross-origin resource sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) lets user agents make cross-domain server requests. In PingFederate, you can configure CORS to allow browsers or apps from trusted domains to access protected resources. > > To configure CORS in PingFederate follow these steps: > > 1. Log in to the PingFederate administration console as an administrator. > > 2. Navigate to **System** [icon: angle-right, set=fa] **OAuth Settings** [icon: angle-right, set=fa] **Authorization Server Settings**. > > 3. In the **Cross-Origin Resource Sharing Settings** section, in the **Allowed Origin** field, enter any DNS aliases you use for your SDK apps. > > This documentation assumes the following configuration: > > | Property | Values | > | ---------------- | ------------------------------------- | > | `Allowed Origin` | `org.forgerock.demo://oauth2redirect` | > > 4. Click **Save**. > > | | | > | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | > | | After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.In the PingFederate administration console, navigate to **System > Server > Cluster Management**, and click **Replicate**. | > > Your PingFederate server is now able to accept connections from origins hosting apps built with the Ping (ForgeRock) SDKs.