docs.pingidentity.com
3.219.111.8
Public Scan
Submitted URL: https://go.pingidentity.com/NjcxLU1HSi01NzAAAAGDgIpB4EV9niOW7fySvdDB7BrjmM1lP2CElOy7XBo87wpQmT-dsogi62OxPq7zHwDuMdldGEc=
Effective URL: https://docs.pingidentity.com/bundle/pingfederate-111/page/ejm1564002949565.html?mkt_tok=NjcxLU1HSi01NzAAAAGDgIpB4KtTggDtXLPye...
Submission: On March 31 via manual from US — Scanned from DE
Form analysis
3 forms found in the DOM
Name: searchForm —
<form name="searchForm">
<div class="searchbar">
<i class="fa fa-search"></i>
<div class="searchbar__input-container">
<label>
<input type="text" name="q" id="searchMobile" class="st-default-search-input" role="searchbox">
</label>
<div class="coveo-search-section" id="coveo-search-section">
</div>
</div>
</div>
</form>
<form class="form-modal">
<div class="modal-buttons">
<p>Did you find this helpful?</p>
<div class="modal-buttons-inner">
<a data-selected="" role="button" class="pingFeedbackModalHtml_likeBtns__3olN5"><svg class="ico-thumb-up"><use xlink:href="#ico-thumb-up"></use></svg><span>Yes</span></a><a data-selected="" role="button" class="pingFeedbackModalHtml_likeBtns__3olN5"><svg class="ico-thumb-down"><use xlink:href="#ico-thumb-down"></use></svg><span>No</span></a>
</div>
</div>
<div class="form-group"><label class="pingFeedbackModalHtml_modalLabel__2mhnB">Write your review<textarea class="form-control" placeholder="What did you like or dislike? How can we improve this topic?"></textarea></label></div>
<div class="form-group"><label class="pingFeedbackModalHtml_modalLabel__2mhnB">Your email<input type="email" class="form-control" placeholder="Provide your e-mail if you'd like us to respond" value=""></label></div>
<div class="modal-actions pingFeedbackModalHtml_actions__pFhQW"><button class="btn btn-primary btn-primary--alt zDocsFeedbackSubmitButton" type="submit">SEND FEEDBACK</button><button class="btn btn-outline btn-outline--alt "
data-dismiss="modal">CANCEL</button></div>
</form>
<form class="form-modal">
<div class="modal-buttons">
<p>Did you find this helpful?</p>
<div class="modal-buttons-inner">
<a data-selected="" role="button" class="pingFeedbackModalHtml_likeBtns__3olN5"><svg class="ico-thumb-up"><use xlink:href="#ico-thumb-up"></use></svg><span>Yes</span></a><a data-selected="" role="button" class="pingFeedbackModalHtml_likeBtns__3olN5"><svg class="ico-thumb-down"><use xlink:href="#ico-thumb-down"></use></svg><span>No</span></a>
</div>
</div>
<div class="form-group"><label class="pingFeedbackModalHtml_modalLabel__2mhnB">Write your review<textarea class="form-control" placeholder="What did you like or dislike? How can we improve this topic?"></textarea></label></div>
<div class="form-group"><label class="pingFeedbackModalHtml_modalLabel__2mhnB">Your email<input type="email" class="form-control" placeholder="Provide your e-mail if you'd like us to respond" value=""></label></div>
<div class="modal-actions pingFeedbackModalHtml_actions__pFhQW"><button class="btn btn-primary btn-primary--alt zDocsFeedbackSubmitButton" type="submit">SEND FEEDBACK</button><button class="btn btn-outline btn-outline--alt "
data-dismiss="modal">CANCEL</button></div>
</form>
Text Content
PINGFEDERATE SERVER 11.1_BETA CONTENT * Beta disclaimer * Release Notes * PingFederate 11.1 beta - March 2022 * Known issues and limitations * Deprecated features * Previous releases * Introduction to PingFederate * About identity federation and SSO * Supported standards * Federation roles * Terminology * Browser-based SSO * SAML 1.x profiles * SSO—Browser-POST * SSO—Browser-Artifact * SP-initiated (destination-first) SSO * SAML 2.0 profiles * Single sign-on * SP-initiated SSO—POST-POST * SP-initiated SSO—Redirect-POST * SP-initiated SSO—Artifact-POST * SP-initiated SSO—POST-Artifact * SP-initiated SSO—Redirect-Artifact * SP-initiated SSO—Artifact-Artifact * IdP-initiated SSO—POST * IdP-initiated SSO—Artifact * Single logout * Attribute Query and XASP * Standard IdP Discovery * WS-Federation * About account linking * Web services standards * Web Services Security * WS-Trust * Request types * OAuth 2.0 * Web redirect flow * Device authorization grant * CIBA grant * CIBA by poll * CIBA by ping * Token exchange grant * Assertion grant profile for OAuth 2.0 authorization grants * OpenID Connect support * Client management * System for Cross-domain Identity Management (SCIM) * Transport and message security * Integration overview * Bundled adapters and authenticators * Additional integrations * SSO integration concepts * Identity provider integration * Service provider integration * Security token service * OAuth authorization server * User account management * Enterprise deployment features * Additional features * Key 
concepts * WS-Trust STS * Connection-based policy * Token processors and generators * WSC and WSP support * STS OAuth integration * About OAuth * Delegated access types * Token models and management * Grant types * Scopes * Consent approval * Client management and storage * Client authentication schemes * Dynamic client registration * Transient grants and persistent grants * Grant storage and management * Mapping OAuth attributes * OAuth user-facing windows * OpenID Connect * CORS support for OAuth endpoints * Bundled adapters and authenticators * Security infrastructure * Digital signatures * Message signing * Certificate validation * Digital signing policy coordination * Secure sockets layer * Encryption * Hierarchical plugin configurations * Identity mapping * Account linking * Account mapping * User attributes * Attribute contracts * Adapter contracts * STS token contracts * Datastores * Attribute masking * Token authorization * User provisioning * Outbound provisioning for IdPs * Provisioning for SPs * Customer identity and access management * Federation hub use cases * Bridging an IdP to an SP * Bridging an IdP to multiple SPs * Bridging multiple IdPs to an SP * Bridging multiple IdPs to multiple SPs * Federation hub and authentication policy contracts * Federation hub and virtual server IDs * Federation planning checklist * Multiple virtual server IDs * Configuration data exchange * Installing PingFederate * System requirements * Compatible database drivers * Port requirements * Installing Java * Installing PingFederate 11.1 * Uninstalling PingFederate * Uninstalling PingFederate from a Windows server * Uninstalling PingFederate from a Linux server * Upgrading PingFederate * Downloading PingFederate * Preparing to upgrade PingFederate * Upgrade considerations * Upgrade considerations introduced in PingFederate 10.x * Upgrade considerations introduced in PingFederate 9.x * Upgrade considerations introduced in PingFederate 8.x * Upgrade considerations 
introduced in PingFederate 7.x * Upgrade considerations introduced in PingFederate 6.x * Upgrading PingFederate installations * Custom mode in the Upgrade Utility * Post-upgrade tasks * Reviewing administrative users * Copying customized files or settings * Reviewing database changes * Provisioning datastore reset * Enabling security enhancement in JDBC datastore queries * Enabling the new connection pool library * An improved index in the database table for OAuth clients * Changes in the database tables for log messages * Changes in the database table for account linking * Changes in the database tables for OAuth clients * Changes in the database tables for OAuth persistent grants and extended attributes * A new database table for OAuth persistent grant extended attributes * New indexes in the database table for OAuth persistent grants * Changes in a database table supporting nested group membership * Logging configurations * Migrating other components * Resetting files and variable for HSM * Verifying the new installation * Updating to the latest maintenance release * Getting Started with PingFederate * Starting and stopping PingFederate * Opening the PingFederate administrative console * Setting up PingFederate * PingFederate administrative console * Navigation tabs and menus * Customizing shortcuts * Tasks and steps * Console buttons * Third-party cryptographic solutions * Supported hardware security modules * Integrating with AWS CloudHSM * AWS CloudHSM operational notes * Integrating with Thales Luna Network HSM * SafeNet Luna Network HSM operational notes * Integrating with Entrust nShield Connect HSM * nShield Connect HSM operational notes * Supported software security package * Integrating with Bouncy Castle FIPS provider * Setting up with Java 8 or Java 11 * Bouncy Castle operational notes * Server Clustering Guide * Overview of clustering * Cluster protocol architecture * Runtime state-management architectures * Adaptive clustering * Multi-region support 
* Configuring multi-region support * Directed clustering * Sharing all nodes * Designating state servers * Defining subclusters * Runtime state-management services * Inter-Request State-Management (IRSM) Service * IdP Session Registry Service * SP Session Registry Service * LRU memory management schemes * Assertion Replay Prevention Service * Artifact-Message Persistence and Retrieval Service * Back-Channel Session Revocation Service * Account Locking Service * Other services * Deploying cluster servers * Dynamic cluster discovery * Enabling dynamic discovery for clustering * Migrating cluster discovery settings * Deploying provisioning failover * Configuration synchronization * Console configuration push * Configuration-archive deployment * Administrator's Reference Guide * Attribute mapping expressions * Enabling and disabling expressions * Construct OGNL expressions * Sample OGNL expressions * Issuance criteria and multiple virtual server IDs * Expressions for OAuth and OpenID Connect uses cases * Using the OGNL edit window * Authentication policies * Selectors * Managing authentication selector instances * Choosing a selector type * Configuring an authentication selector instance * Configuring the CIDR Authentication Selector * Configuring the Cluster Node Authentication Selector * Configuring the Connection Set Authentication Selector * Configuring the Extended Property Authentication Selector * Configuring the HTTP Header Authentication Selector * Configuring the HTTP Request Parameter Authentication Selector * Configuring the OAuth Client Set Authentication Selector * Configuring the OAuth Scope Authentication Selector * Configuring the Requested AuthN Context Authentication Selector * Configuring the Session Authentication Selector * Configuring a sample use case * Policies * Defining authentication policies * Specifying incoming user IDs * Configuring rules in authentication policies * Defining authentication policies based on group membership information 
* Applying policy contracts or identity profiles to authentication policies * Configuring contract mapping * Configuring local identity mapping * Defining issuance criteria for contract or local identity mapping * Mapping a policy contract to multiple use cases * SP authentication policies * Configuring an SP authentication policy for users from one IdP * Configuring SP authentication policies for users from multiple IdPs * Configuring SP authentication policies for internal users * Policy fragments * Defining a policy fragment * Policy contracts * Managing policy contracts * Editing contract information * Defining contract attributes * Reviewing the policy contract * Adapter Mappings * Configuring authentication policy adapter mappings * Defining issuance criteria for adapter mapping * Sessions * Configuring tracking options for logout * Configuring application sessions * Configuring authentication sessions * Bundled adapters * Composite Adapter * Configuring a Composite Adapter instance * HTML Form Adapter * Configuring an HTML Form Adapter instance * HTML Form Adapter advanced fields * HTTP Basic Adapter * Configuring an HTTP Basic Adapter instance * Identifier First Adapter * Configuring an Identifier First Adapter instance * Identifier First Adapter and authentication policies * Configuring a policy for multiple user populations * Kerberos Adapter * Authentication mechanism assurance * Configuring a Kerberos Adapter instance for SSO authentication * Configuring end-user browsers * OpenToken Adapter * Configuring an OpenToken IdP Adapter instance * Configuring an OpenToken SP Adapter instance * Configuring a Reference ID adapter * Configuring an X.509 Certificate IdP adapter * Customer IAM configuration * Setting up PingDirectory for customer identities * Managing local identity profiles * Configuring local identity profile information * Defining authentication sources * Configuring local identity fields * Configuring email ownership verification options * 
Configuring registration options * Configuring profile management options * Managing datastore configuration * Selecting a datastore for customer identities * Configuring LDAP base DN and attributes * Configuring LDAP relative DN and object class * Defining datastore mapping configuration * Reviewing datastore configuration * Reviewing a local identity profile * Configuring the HTML Form Adapter for customer identities * Setting up self-service registration * Enabling third-party identity providers * Enabling profile management * Creating advanced registration mapping * Enabling third-party identity providers without registration * Customizing assertions and authentication requests * Message types and available variables * Sample customizations * Fulfillment by datastore queries * Attribute mapping with multiple data sources * Datastore query configuration * Choosing a datastore * Specifying database tables and columns * Entering a database search filter * Specifying directory properties and attributes * Defining encoding for binary attributes * Entering a directory search filter * Specifying data source filters and fields * Specifying data source filters for REST API datastores * Specifying a dynamic authorization header for a REST API datastore * Specifying filters and fields for a custom datastore * Configuring failsafe options * Reviewing datastore query configurations * IdP-to-SP bridging * Adapter-to-adapter mappings * Managing mappings * Assigning a license group * Configuring attribute sources and user lookup for adapter-to-adapter mappings * Configuring target application information * Configuring contract fulfillment for adapter-to-adapter mappings * Configuring a default target URL (optional) * Defining issuance criteria for adapter-to-adapter mappings * Reviewing the adapter-to-adapter mapping * Token translator mappings * Managing token mappings * Configuring attribute sources and user lookup for token mapping * Configuring contract fulfillment for 
token exchange mapping * Defining issuance criteria for token translator mapping * Reviewing the token exchange mapping * Identity provider SSO configuration * IdP application integration settings * Managing IdP adapters * Creating an IdP adapter instance * Configuring an IdP adapter instance * Invoking IdP adapter actions * Extending an IdP adapter contract * Setting pseudonym and masking options * Defining the IdP adapter contract * Defining attribute sources and user lookup * Configuring IdP adapter contract fulfillment * Defining issuance criteria for IdP adapter contract * Reviewing an IdP adapter contract * Reviewing and saving an IdP adapter configuration * Authentication applications and the authentication API * Managing authentication applications * Configuring authentication applications * Configuring a default URL and error message * Viewing IdP application endpoints * IdP protocol endpoints * SP connection management * Accessing SP connections * Resolving SP connection errors * Importing a connection * Updating a SAML connection using metadata * Choosing an SP connection template * Choosing an SP connection type * Choosing SP connection options * Importing SP metadata * Identifying the SP * Populating extended property values for SP connections * Configure IdP Browser SSO * Choosing SAML 2.0 profiles * Setting an SSO token lifetime * Configuring SSO token creation * Choosing an identity mapping method for IdP SSO * Selecting a SAML Name ID type * Selecting a WS-Federation Name ID type * Setting up an attribute contract * Managing authentication source mappings * Mapping an adapter instance * Mapping an authentication policy * Overriding an IdP adapter instance * Restricting an authentication source to certain virtual server IDs * Selecting an attribute mapping method * Configuring default contract fulfillment for IdP Browser SSO * Defining issuance criteria for IdP Browser SSO * Configuring attribute sources and user lookup * Configuring contract 
fulfillment for IdP Browser SSO * Reviewing the authentication source mapping * Reviewing the SSO token creation summary * Configuring protocol settings * Setting Assertion Consumer Service URLs (SAML) * Setting a default target URL (SAML 1.x) * Specifying the WS-Trust version * Defining a service URL (WS-Federation) * Specifying SLO service URLs (SAML 2.0) * Choosing allowable SAML bindings (SAML 2.0) * Setting an artifact lifetime (SAML) * Specifying artifact resolver locations (SAML 2.0) * Defining signature policy (SAML) * Configuring XML encryption policy (SAML 2.0) * Reviewing protocol settings * Reviewing browser-based SSO settings * Configuring the Attribute Query profile in an SP connection * Defining retrievable attributes * Configuring attribute lookup * Choosing a datastore for Attribute Query * Configuring mapping fulfillment for Attribute Query * Defining issuance criteria for Attribute Query * Specifying security policy * Reviewing the Attribute Query configuration * Configuring credentials * Configuring back-channel authentication (SAML) * Configuring authentication requirements for outbound messages * Configuring authentication requirements for inbound messages * Configuring digital signature settings * Configuring signature verification settings (SAML 2.0) * Selecting an encryption certificate * Selecting a decryption key (SAML 2.0) * Reviewing SP credential settings * Configuring outbound provisioning * Defining a provisioning target * Specifying custom SCIM attributes * Managing channels * Specifying channel information * Identifying the source datastore * Modifying source settings * Specifying a source location * Mapping attributes * Specifying mapping details * Reviewing channel settings * Reviewing SP connection settings * SP affiliations * Managing SP affiliations * Importing affiliation metadata * Entering affiliation information * Managing affiliation membership * Reviewing an SP affiliation * OAuth configuration * Configuring OAuth use 
cases * Configuring authorization server settings * External consent user interface * Scopes and scope management * Defining scopes * Adding virtual issuers for OpenID Connect * Configuring client settings * Configuring dynamic client registration settings * Supported client metadata * Configuring scope constraints * Managing client configuration defaults * Selecting client registration policies * Reviewing client settings * Managing Client Registration Policy instances * Configuring a Client Registration Policy instance * Configuring a Response Type Constraints instance * Managing OAuth clients * Configuring OAuth clients * Grant contract mapping * Managing IdP adapter grant mapping * Configuring IdP adapter attribute sources and user lookup * Fulfilling IdP adapter grant mapping * Defining issuance criteria for OAuth IdP adapter mapping * Reviewing the IdP adapter mapping * Configuring IdP connection grant mapping * Choosing an OAuth datastore * Fulfilling OAuth attribute mapping * Defining issuance criteria for OAuth attribute mapping * Reviewing the OAuth attribute mapping summary * Managing authentication policy contract grant mapping * Configuring policy contract attribute sources and user lookup * Fulfilling policy contract grant mapping * Defining issuance criteria for policy contract mapping * Reviewing authentication policy contract mapping * Managing resource owner credentials grant mapping * Configuring resource owner attribute sources and user lookup * Fulfilling resource owner credentials grant mapping * Defining issuance criteria for resource-owner credentials mapping * Reviewing the resource owner credentials mapping * Token mapping * Access token management * Managing access token management instances * Defining an access token management instance * Configuring an access token management instance * Configuring reference-token management * Configuring JSON-token management * Managing session validation settings * Defining the access token attribute 
contract * Managing resource URIs * Defining access control * Reviewing the access token management configuration * Managing access token mappings * Configuring access token attribute sources and user lookup * Configuring access token fulfillment * Defining issuance criteria for access token mapping * Reviewing the access token mapping * Configuring an OAuth assertion grant IdP connection * Defining an attribute contract for the OAuth assertion grant * Configuring access token manager mappings * Selecting an access token manager instance * Configuring a datastore for OAuth assertion grant attribute mapping * Configuring OAuth assertion grant contract fulfillment * Defining issuance criteria for OAuth assertion grants * Reviewing OAuth assertion grant attribute mapping configuration * Reviewing OAuth assertion grant configuration * Configuring OpenID Connect policies * Configuring policy and ID token settings * Configuring the policy attribute contract * Configuring attribute scopes * Configuring policy attribute sources and user lookup * Configuring ID token fulfillment * Defining issuance criteria for policy mapping * Reviewing your OpenID Connect policy * Client Initiated Backchannel Authentication (CIBA) * Managing CIBA authenticators * Configuring a CIBA authenticator instance * Managing CIBA request policies * Defining a request policy * Configuring identity hint contract * Configuring identity hint contract fulfillment * Configuring attribute sources and user lookup * Fulfilling identity hint contract * Defining issuance criteria for identity hint contract * Reviewing identity hint contract fulfillment * Configuring attribute sources and user lookup for request policy contract * Configuring request policy contract fulfillment * Defining issuance criteria for CIBA request policy * Reviewing your CIBA request policy * OAuth attribute mapping using a datastore * OAuth client session management * Asynchronous Front-Channel Logout * Back-Channel Session Revocation 
* OAuth token exchange * Configuring OAuth token exchange * Defining token exchange processor policies * Creating token exchange generator groups * Mapping token exchange attributes to token generator attributes * Mapping token exchange attributes to access token manager attributes * Enabling token exchange in OAuth clients * Security management * Certificate and key management * Manage trusted certificate authorities * Manage SSL server certificates * Manage SSL client keys and certificates * Manage digital signing certificates and decryption keys * Keys for OAuth and OpenID Connect * Configuring static signing keys * Configuring static decryption keys * Mapping ID token signing keys to virtual issuers * Managing certificates from partners * Configuring certificate revocation * Transitioning to an HSM * Manage Partner metadata URLs * Rotating system keys * Managing configuration encryption keys * System integration * Configuring redirect validation * Managing partner redirect validation * Configuring incoming proxy settings * Configuring service authentication * Account lockout protection * Configuring account lockout protection * Password spraying prevention * Configuring password spraying prevention * Implementing a MasterKeyEncryptor using AWS KMS * Self-service user account management * Configuring self-service password management * Configuring self-service account recovery * Configuring self-service user name recovery * Service provider SSO configuration * SP application integration settings * Managing SP adapters * Creating an SP adapter instance * Configuring an SP adapter instance * Invoking SP adapter actions * Extending an SP adapter contract * Identifying the target application * Reviewing an SP adapter configuration * Configuring target URL mapping * Configuring Identity Store Provisioners * Creating an Identity Store Provisioner instance * Defining the Identity Store Provisioner behavior * Extending the Identity Store Provisioner contract * Extending 
the Identity Store Provisioner contract for groups * Reviewing the Identity Store Provisioner configuration * Configuring default URLs * Viewing SP application endpoints * Federation settings * Managing attribute requester mappings * Viewing SP protocol endpoints * Managing IdP connections * Accessing IdP connections * Resolving IdP connection errors * Choosing an IdP connection type * Choosing IdP connection options * Importing IdP metadata * Identifying the partner * Populating extended property values for IdP connections * Defining additional issuers * Configure SP Browser SSO * Selecting SAML profiles * Configuring user-session creation * Choosing an identity mapping method for SP SSO * Defining an attribute contract * Managing target session mappings * Selecting a target session * Overriding an SP adapter instance * Restricting a target session to certain virtual server IDs * Choosing an attribute mapping method * Configuring target session fulfillment * Defining issuance criteria for SP Browser SSO * Reviewing the target session mapping * Reviewing the session creation summary * Configuring protocol settings * Specifying SSO service URLs (SAML) * Specifying a service URL (WS-Federation) * Defining SLO service URLs (SAML 2.0) * Selecting allowable SAML bindings (SAML) * Specifying an artifact lifetime (SAML 2.0) * Defining artifact resolver locations (SAML) * Configuring OpenID Provider information * Configuring default target URLs * Overriding authentication context in an IdP connection * Configuring signature policy * Specifying XML encryption policy (for SAML 2.0) * Reviewing protocol settings for SP browser SSO * Reviewing Browser SSO settings * Manage the Attribute Query profile in an IdP connection * Setting the Attribute Authority Service URL * Mapping attribute names for Attribute Query * Configuring security policy for Attribute Query * Reviewing the Attribute Query settings * Configuring just-in-time provisioning * Selecting attribute sources (SAML 
RELEASE NOTES

* Page created: January 19, 2022
* Page updated: January 19, 2022

PingFederate 11.1 (Beta, non-GA content)

This documentation is prerelease content and subject to change.

These release notes summarize the changes in current and previous product updates.

PingFederate enables outbound and inbound solutions for single sign-on (SSO), federated identity management, mobile identity security, API security, social identity integration, and customer identity and access management. PingFederate extends employee, customer, and partner identities across domains without passwords, using only standard identity protocols: SAML, WS-Federation, WS-Trust, OAuth, and SCIM.
© Copyright 2022 Ping Identity. All rights reserved.