Ping Identity > Support Center > Join a Discussion 

Join a Discussion

Post!

This forum is intended to provide peer to peer discussion of technical topics.  While Ping Identity employees will monitor this forum and comment as appropriate, the expectation is that the community will provide most responses.  Real life production experience is extremely valuable and you are encouraged to share your experiences here.

If you need technical support, please open a case with our Product Support Engineers.


Showing 101 - 110 of 221 answers Sort by:     Show category:

Integration of PingFderate SSO with Oracle WebLogic and Oracle Access Manager Webgate

Application runs on the Oracle WebLogic server 11g that is secured by the OAM Identity Asserter. OAM Web Gate 10g runs on the web tier and uses OAM Server to authenticate user prior to passing the request to the application.
 
The customer wants to use its PingIdentity to authenticate the user.
Can above described setup be integrated with PingIdentity so that it works this way:
  1. User requests access to the application via HTTP server that is protected by the OAM Webgate
  2. OAM Webgate recognizes that the requested application is secured resource and redirects request to the customer PingIdentity server for the authethication
  3. PingIdentity server serves a login page and authenticates user
  4. Upon successful authentication, request is passed to the weblogic server and application is started with a session context that contains information about user and user roles (subject with all principals)
 
If this can work then what sort of efforts and skills are required to put it together
If it cannot work that way then what would be the SSO flow when PingFederate is used as SSO for application running on WebLogic 11g?
 
 
1 reply »  Posted by Boro Petrovic on 2/23/2012 10:36 PM Reply Category: Other

Certificate found in Signature or KeyDescriptor under element "EntityDescriptor" is not trusted

Hello,

I have setup Ping Federate 6.4 as Identity provider and my service provider is using opensso 9.5.

I sent a metadata file(including ping generated public certficate) from Ping, when my SP try to import that file into his opensso environment he is getting error message:

Certificate found in Signature or KeyDescriptor under element "EntityDescriptor" is not trusted

Can any one tell how to resolve this issue? He imported ping generated public certificate into his cacerts keystore.

Any response is appriciated.

Thanks,
Satheesh
1 reply »  Posted by satish paladugula on 2/19/2012 3:19 PM Reply Category: Other

Service Provider behind a reverse proxy

Hi!

We are running PingFederate 6.5.2.0 as an IdP.
The SP is SAP Netweaver 7.3 and SSO works fine.

However, we would like to reverse proxy the SP so that Internet users can reach it.
The federation URL is already reachable from the Internet.

Is this possible? Will the user not be redirected to the internal hostname?
Will federation work when a reverse proxy initiates the connection?

Thanks for any ideas on this!
0 replies »  Posted by Peter Nilsson on 2/17/2012 2:32 PM Reply Category: Other

SSLHandshakeException - Ping Federate Java Integration kit

I am using the Ping Federate Java Integration kit sample applications and they work fine(same instance of Ping Federate being used as IdP and SP).
   Now I have taken the SP application and deployed it into my tomcat instance and configured to use SSL. Now when i open the tomcat SP application(on https), i get the following error "The SSL handshake failed when trying to obtain a list of connections from PingFederate via a web service call. Please check to make sure your SSL certificates are set correctly between the SP Sample Application and PingFederate." on the home page. I have added the certificate to the Trusted CAs of the Ping Federate(as well as  SSL Client Keys & Certificates ) and also included the Ping Federate certificate in my Tomcat trust store.
 
  But i am still getting this error. I am able to perform SSO from the IDP, but not form the SP because of this and in my Ping Federate logs i get the following error message "handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake". Could you provide me with helpful pointers to deal with this. I am suspecting it to be some kind of configuration change i need to make, but i have been unsuccessful for quite a long time.
1 reply »  Posted by Swapnil Desai on 2/9/2012 12:42 AM Reply Category: Other

Host Migration

Hi,We are migrating from Solaris to Linux box.I like to keep the assertion url same as earlier one,so that my client applications wont have to make any change at their end.The old solaris box will not be in usein future.For eg.Currently my host is Abcd.svr so my assertion url is like http://Abcd.svr.com:9031/StartPing----- something like this.Now my new server will become XYZ.svr but like to have the same assertion url.How to get this done?
1 reply »  Posted by MUKUL MARAIYA on 2/6/2012 6:00 PM Reply Category: Other

SSO to PeopleSoft HRMS

Do you have a standaad adaptor to facilitate a single signon  with PeopleSoft ( Human capital management 9.1 + PeopleTools 8.51)

On the PING identity site I find to references, but no documentation or solution paper 
https://www.pingidentity.com/our-solutions/sso-to-hr-apps.cfm
1 reply »  Posted by tom Altena on 1/27/2012 6:54 AM Reply Category: Other

SAMLArtifact -Unknown Host Exception

I am working on a project to integrate with our SAML system.This integration is going to use the Artifact profile/binding for saml messaging.
Once a user is authenticated at IDP and SAMLArt is sent in a browser redirect to SP,SP SAML logs shows these error messages in the PING logs:

#################
[10/01/2012][13:02:24.854][DEBUG][org.sourceid.common.SoapClient][org.sourceid.common.SoapClient][getClient]Reusing existing client for endpoint https://fss.stage.gecompany.com/fss/idp/ARS.ssaml2 / (IDP) ::: ArtifactFidTestRPC
[10/01/2012][13:02:24.858][DEBUG][org.sourceid.common.SoapClientSocketFactory][org.sourceid.common.SoapClientSocketFactory][createSocket]Creating SSL socket for host fss.stage.gecompany.com and port 443
[10/01/2012][13:02:24.860][ERROR][org.sourceid.common.SoapClient][org.sourceid.common.SoapClient][sendRequest]General error while sending soap request to https://fss.stage.gecompany.com/fss/idp/ARS.ssaml2
java.net.UnknownHostException: fss.stage.gecompany.com
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:367)
        at java.net.Socket.connect(Socket.java:529)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:556)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:357)
        at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:69)
        at org.sourceid.common.SoapClientSocketFactory.createSocket(SoapClientSocketFactory.java:142)
        at org.apache.commons.httpclient.HttpConnection$1.doit(HttpConnection.java:660)
        at org.apache.commons.httpclient.HttpConnection$SocketTask.run(HttpConnection.java:1291)
        at java.lang.Thread.run(Thread.java:637)
#############################

This (fss.stage.gecompany.com) is our real staging environment and leveraged by 100+ service provider.Would need some direction or inputs why this error is there and any way to resolve this. Thanks is advance.
 

1 reply »  Posted by Vikas Chandra on 1/10/2012 6:23 PM Reply Category: Other

Management pack for System Center Operations Manager 2007

Title says it all. Is there a management pack for PingIdentity available for purchase/download for use with SCOM 2007? We are using this as our primary monitoring tool in our organization and before reinventing the wheel and implementing all kinds of custom monitors, I would like to know if there is already an off-the-shelf solution from ping identity. Thanks in advance.

Regards, Arthur Visser
1 reply »  Posted by Arthur Visser on 1/10/2012 12:22 PM Reply Category: Other

About SLO for ws-federation

When I config the SLO for ws-federation.
In Sp side, will jump the browser to PF with below url
https://sso.webex.com:9031/idp/prp.wsf?wa=wsignout1.0&wreply=http%3A%2F%2Fwww.webex.com%2F

But after SLO, the browser(firefox) can't jump to http://www.webex.com/.
The SLO flow is blocked by the pop up windows basic login window.
After analyze the http trace, I found the root cause of this issue is that PF call the WSFed Endpoint URL with 
  1. Request URL:
    https://szqacsplgn.qa.webex.com/cas/WSFedService.do?org=sophysso3.com&type=connect2?wa=wsignoutcleanup1.0
  2. Request Method:
    GET
  3. Status Code:
    302 Moved Temporarily
    and the wa paramter is not right format in request URL...
     

6 replies »  Posted by Darcy Songw on 1/4/2012 6:11 AM Reply Category: Other

what made the customer switch

as 600+ companies have adopted to ping, i would like to see a page similar to customer portal where the cutomer can post why and what made them switch to ping identity and from what product
0 replies »  Posted by Luv Shah on 12/19/2011 3:07 PM Reply Category: Other