Tech Tip – PingFederate – How to set up logging into the Administrative console with an Active Directory data source.

PingIdentity

Environment :

  • PingFederate 10.1.10

Instructions :

  1. Modify <ping_federate_install_directory>/pingfederate/bin/run.properties and update property “pf.console.authentication” as below
    • pf.console.authentication=LDAP
  2. Modify <ping_federate_install_directory>/pingfederate/bin/ldap.properties and update following properties (at minimum)
    • ldap.url=ldap://localhost:389 (if ldaps provide ldaps url e.g. ldaps://localhost:636)
    • ldap.username=CN=Administrator,CN=Users,DC=hcl,DC=com
    • ldap.password=OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoidG4wZEhFZzBleiIsInZlcnNpb24iOiIxMC4xLjEuMCJ9..CG5Stcu1rAVghraEkDOpxQ.HwVhPZmVmN17-79PnJvH_w.btlVdV42IWTRATIiQ3a7Lw
    • search.base=CN=Users,DC=hcl,DC=com
    • search.filter=sAMAccountName={0}
    • role.admin=Administrator
    • role.cryptoManager=Administrator
    • role.userAdmin=Administrator
    • role.expressionAdmin=Administrator
  3. Restart PingFederate Service and login with LDAP user.

Note :

  • Do not assign “role.auditor” role to the Administrator user as auditor role supersedes all other roles
  • Password will need to be obfuscated using the obfuscate.bat tool available in bin directory as below

 

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *