Ping Identity > Support Center > Join a Discussion 

Join a Discussion


This forum is intended to provide peer to peer discussion of technical topics.  While Ping Identity employees will monitor this forum and comment as appropriate, the expectation is that the community will provide most responses.  Real life production experience is extremely valuable and you are encouraged to share your experiences here.

If you need technical support, please open a case with our Product Support Engineers.

Showing 101 - 110 of 220 answers Sort by:     Show category:

Certificate found in Signature or KeyDescriptor under element "EntityDescriptor" is not trusted


I have setup Ping Federate 6.4 as Identity provider and my service provider is using opensso 9.5.

I sent a metadata file(including ping generated public certficate) from Ping, when my SP try to import that file into his opensso environment he is getting error message:

Certificate found in Signature or KeyDescriptor under element "EntityDescriptor" is not trusted

Can any one tell how to resolve this issue? He imported ping generated public certificate into his cacerts keystore.

Any response is appriciated.

1 reply »  Posted by satish paladugula on 2/19/2012 3:19 PM Reply Category: Other

Service Provider behind a reverse proxy


We are running PingFederate as an IdP.
The SP is SAP Netweaver 7.3 and SSO works fine.

However, we would like to reverse proxy the SP so that Internet users can reach it.
The federation URL is already reachable from the Internet.

Is this possible? Will the user not be redirected to the internal hostname?
Will federation work when a reverse proxy initiates the connection?

Thanks for any ideas on this!
0 replies »  Posted by Peter Nilsson on 2/17/2012 2:32 PM Reply Category: Other

SSLHandshakeException - Ping Federate Java Integration kit

I am using the Ping Federate Java Integration kit sample applications and they work fine(same instance of Ping Federate being used as IdP and SP).
   Now I have taken the SP application and deployed it into my tomcat instance and configured to use SSL. Now when i open the tomcat SP application(on https), i get the following error "The SSL handshake failed when trying to obtain a list of connections from PingFederate via a web service call. Please check to make sure your SSL certificates are set correctly between the SP Sample Application and PingFederate." on the home page. I have added the certificate to the Trusted CAs of the Ping Federate(as well as  SSL Client Keys & Certificates ) and also included the Ping Federate certificate in my Tomcat trust store.
  But i am still getting this error. I am able to perform SSO from the IDP, but not form the SP because of this and in my Ping Federate logs i get the following error message "handling exception: Remote host closed connection during handshake". Could you provide me with helpful pointers to deal with this. I am suspecting it to be some kind of configuration change i need to make, but i have been unsuccessful for quite a long time.
1 reply »  Posted by Swapnil Desai on 2/9/2012 12:42 AM Reply Category: Other

Host Migration

Hi,We are migrating from Solaris to Linux box.I like to keep the assertion url same as earlier one,so that my client applications wont have to make any change at their end.The old solaris box will not be in usein future.For eg.Currently my host is Abcd.svr so my assertion url is like something like this.Now my new server will become XYZ.svr but like to have the same assertion url.How to get this done?
1 reply »  Posted by MUKUL MARAIYA on 2/6/2012 6:00 PM Reply Category: Other

SSO to PeopleSoft HRMS

Do you have a standaad adaptor to facilitate a single signon  with PeopleSoft ( Human capital management 9.1 + PeopleTools 8.51)

On the PING identity site I find to references, but no documentation or solution paper
1 reply »  Posted by tom Altena on 1/27/2012 6:54 AM Reply Category: Other

SAMLArtifact -Unknown Host Exception

I am working on a project to integrate with our SAML system.This integration is going to use the Artifact profile/binding for saml messaging.
Once a user is authenticated at IDP and SAMLArt is sent in a browser redirect to SP,SP SAML logs shows these error messages in the PING logs:

[10/01/2012][13:02:24.854][DEBUG][org.sourceid.common.SoapClient][org.sourceid.common.SoapClient][getClient]Reusing existing client for endpoint / (IDP) ::: ArtifactFidTestRPC
[10/01/2012][13:02:24.858][DEBUG][org.sourceid.common.SoapClientSocketFactory][org.sourceid.common.SoapClientSocketFactory][createSocket]Creating SSL socket for host and port 443
[10/01/2012][13:02:24.860][ERROR][org.sourceid.common.SoapClient][org.sourceid.common.SoapClient][sendRequest]General error while sending soap request to
        at org.sourceid.common.SoapClientSocketFactory.createSocket(
        at org.apache.commons.httpclient.HttpConnection$1.doit(
        at org.apache.commons.httpclient.HttpConnection$

This ( is our real staging environment and leveraged by 100+ service provider.Would need some direction or inputs why this error is there and any way to resolve this. Thanks is advance.

1 reply »  Posted by Vikas Chandra on 1/10/2012 6:23 PM Reply Category: Other

Management pack for System Center Operations Manager 2007

Title says it all. Is there a management pack for PingIdentity available for purchase/download for use with SCOM 2007? We are using this as our primary monitoring tool in our organization and before reinventing the wheel and implementing all kinds of custom monitors, I would like to know if there is already an off-the-shelf solution from ping identity. Thanks in advance.

Regards, Arthur Visser
1 reply »  Posted by Arthur Visser on 1/10/2012 12:22 PM Reply Category: Other

About SLO for ws-federation

When I config the SLO for ws-federation.
In Sp side, will jump the browser to PF with below url

But after SLO, the browser(firefox) can't jump to
The SLO flow is blocked by the pop up windows basic login window.
After analyze the http trace, I found the root cause of this issue is that PF call the WSFed Endpoint URL with 
  1. Request URL:
  2. Request Method:
  3. Status Code:
    302 Moved Temporarily
    and the wa paramter is not right format in request URL...

6 replies »  Posted by Darcy Songw on 1/4/2012 6:11 AM Reply Category: Other

what made the customer switch

as 600+ companies have adopted to ping, i would like to see a page similar to customer portal where the cutomer can post why and what made them switch to ping identity and from what product
0 replies »  Posted by Luv Shah on 12/19/2011 3:07 PM Reply Category: Other

Download with server command line tools...

Why can't I do downloads with the various command line tools, like wget or curl?  Please enable access in this manner - it would make system builds so much easier.
1 reply »  Posted by Andrew King on 12/13/2011 3:55 PM Reply Category: Other