Tech Tip – PingFederate – How to set up logging into the Administrative console with an Active Directory data source.


Environment :

  • PingFederate 10.1.10

Instructions :

  1. Modify <ping_federate_install_directory>/pingfederate/bin/ and update the property “pf.console.authentication” as below
    • pf.console.authentication=LDAP
  2. Modify <ping_federate_install_directory>/pingfederate/bin/ and update the following properties (at minimum)
    • ldap.url=ldap://localhost:389 (for LDAPS, provide the ldaps URL, e.g. ldaps://localhost:636)
    • ldap.username=CN=Administrator,CN=Users,DC=hcl,DC=com
    • ldap.password=OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoidG4wZEhFZzBleiIsInZlcnNpb24iOiIxMC4xLjEuMCJ9..CG5Stcu1rAVghraEkDOpxQ.HwVhPZmVmN17-79PnJvH_w.btlVdV42IWTRATIiQ3a7Lw
    • search.base=CN=Users,DC=hcl,DC=com
    • search.filter=sAMAccountName={0}
    • role.admin=Administrator
    • role.cryptoManager=Administrator
    • role.userAdmin=Administrator
    • role.expressionAdmin=Administrator
  3. Restart the PingFederate service and log in with an LDAP user.
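
A check for the ldap.* and role.* settings from step 2, to run before the restart in step 3. It is an added example, not part of the original tip or of PingFederate. It flags a non-ldaps URL, an ldap.password without the OBF: prefix, a search.filter without {0}, and a principal that holds role.auditor together with another role. The function names, the sample file contents and the treatment of each role value as a single principal name are assumptions.

```python
# Constructed sample mirroring the properties listed in step 2 (illustrative values).
SAMPLE = """\
# console LDAP settings
ldap.url=ldap://localhost:389
ldap.username=CN=Administrator,CN=Users,DC=hcl,DC=com
ldap.password=Secret123
search.base=CN=Users,DC=hcl,DC=com
search.filter=sAMAccountName={0}
role.admin=Administrator
role.cryptoManager=Administrator
role.auditor=administrator
"""

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_ldap_properties(text):
    """Return a list of findings for the admin console LDAP settings."""
    props = parse_properties(text)
    findings = []
    # A simple bind over plain ldap:// sends the password unencrypted.
    if not props.get("ldap.url", "").lower().startswith("ldaps://"):
        findings.append("ldap.url does not use ldaps://")
    if not props.get("ldap.password", "").startswith("OBF:"):
        findings.append("ldap.password is not obfuscated (no OBF: prefix)")
    if "{0}" not in props.get("search.filter", ""):
        findings.append("search.filter has no {0} placeholder for the login name")
    # Assumption: each role.* value is a single principal name, as on the page.
    auditor = props.get("role.auditor", "").lower()
    if auditor:
        clash = sorted(k for k, v in props.items()
                       if k.startswith("role.") and k != "role.auditor"
                       and v.lower() == auditor)
        if clash:
            findings.append("role.auditor shares a principal with " + ", ".join(clash))
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_properties(SAMPLE):
        print("WARN:", finding)
```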

Note :

  • Do not assign the “role.auditor” role to the Administrator user, as the auditor role supersedes all other roles
  • The password must be obfuscated using the obfuscate.bat tool available in the bin directory, as below

