pingfederate

问题 we are using PingFederate for SSO and is SP initiated. and Ping Federate will act like Idp. For application there are 2 webservers(for high availability My questions is 1. can we provide two urls as default(In console as only one url can be set as default. in this case can we provide two comma seperated urls). can load balancer url is provided for ACS url. Thank you! 回答1: I think you want to publish the assertion consumer service URLs in SP metadata, as it is specific to the service provider.

问题 In this sof ticket, Where do I find PingFederate's "Relying Party"? (To be set in "AppliesTo" of the SAML RST), we learn where to set an SP's "PARTNER SERVICE IDENTIFIER" which corresponds to the "AppliesTo" element in the STS soap request for saml token. I am using PingFederate to do SSO to my SharePoint online site: https://mysite.sharepoint.com What should the PARTNER SERVICE IDENTIFIER be set to when using SharePoint online? 回答1: Finally found the answer from a PingFederate PDF document

问题 I am working to understand the SAML request process using PingFederate. I am making the SAML RST request in order to gain access to a SharePoint Online instance. PingFederate SSO is successfully set up and users must login through ping in order to get to sharepoint online. Now I want to make a Saml RST to PingFederate STS using the Java STS SDK 1.1. I have a working STS endpoint: https://my.ping.endpoint/sp/sts.wst And my SharepointOnline endpoint is: https://mydomain.sharepoint.com I am

问题 I can use OpenAM to query a list of users and a list of groups by using its REST API: /openam/json/users?_queryID=* /openam/json/groups?_queryID=* Is there an equivalent (or similar) API of the above in PingFederate? 回答1: This is not something that is currently available in the product. The reason being that it can use any of a number of user stores (adapters in the product's terminology) at the same time, and it doesn't have a specific set of users. If you are a current customer, you could

问题 We should like to do audit logging from Ping Federate and have set up a rolling file logger like this: <RollingFile name="SecurityAudit2Splunk" fileName="${sys:pf.log.dir}/splunk-audit.log" filePattern="${sys:pf.log.dir}/splunk-audit.%d{yyyy-MM-dd}.log" ignoreExceptions="false"> <PatternLayout> <pattern>%d trackingid="%X{trackingid}" event=%X{event} subject="%X{subject}" ip=%X{ip} app=%X{app} connectionid=%X{connectionid} protocol=%X{protocol} pfhost=%X{host} role=%X{role} status=%X{status}

问题 I am attempting to integrate Ping Federate as an external OIDC provider for my IdentityServer4 instance. When I initiate the external login flow I am getting the following error: System.Exception: Correlation failed. at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRequestAsync>d__12.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime

问题 Http Form adapter serves as an authentication service in my application. I have not implemented any application on the Identity Provider to get user inputs. Therefore, on successful authentication, SP verifies the user's signature and redirects to the application. At my target Resource, I receive an open token. Is it still possible to utilize the open Token Jar to read the user attributes from OTK? **Note: ** In Service Provider, I use open token Adapter. Also, please let me know if there is

问题 Does anyone have any experience with importing meta data files from Ping Identity into an ACS provider? I'm logged into my Ping Identity admin system, all fine, no problem. Then, when I export the idP file... no digital signature is included within it and thus I cannot import this file into ACS as it complains that there's no signature included. Has anyone else faced this issue and have any ideas on a workaround? I understand it's pretty intricate, so fingers crossed. 回答1: Are you trying to

问题 I am trying to create an authentication on an ASP.NET Core 2.0 web app. My company is using Ping Federate and I am trying to authenticate my users using the company login page and in return validating the returned token using my signing key ( X509SecurityKey down here). The ping login link link looks like: https://auth.companyname.com I configured the Startup.cs to be able to log in and challenge against this site. I decorated my HomeController with a [Authorize(Policy="Mvc")] . I am able to

问题 Any one know about how to change default error pages in PingFederate 6.10 during sso login. for example, in PF after no of unsuccessfull attempts exceeded user face error page from PF. my question is how to change default ping federate sso user facing pages to refer external web pages? (i noticed too many inbuilt error pages are in Ping Federate) Thanks in Advance.... 回答1: Check the PF 6.10 Admin Guide to start - https://documentation.pingidentity.com/display/PF610/Customizing+User-Facing