Using PingAccess to protect PingFederate

24/08/2022

PingAccess works similiar to a firewall, it rewrites URL’s and protects the PingFederate server.

Certs > Site > Virtual Host > PA App > Token Provider

Step 1 – Exchange Certificates

Step 1.1 – Export the PingFederate certificate for the PF Engine.

Security> SSL Server Cert

Select Action > Export

Certificate Only > Export

Save the cert where’s its easy to find.

Step 1.1 – Import the PF Cert into PingAccess

Start from PA Admin Console

Security > Certificates > + to import

Name it eg PF

Choose file > select the PF engine cert > Add

Drag the imported cert from the Cert pane to the Trusted Cert Group pane.

Step 2 – Create a PingAccess SITE

PA Admin Console

Sites > + add site

name = PF

Target = https://loadbalancer:443 or https://host:443

Secure = yes

Trusted Cert Group = PF

Save

Step 3 – Create a PA Virtual Host

The Virtual Host is how PingAccess will access the PF engines.

PA Admin Console

Access > virtual host

Add Virtual host

Host = https://pingfederate_host

Port = 443

Agent cache = 900

Save

Step 5 – Create Key Pair for PF host

Security > Key Pairs

Add Key pair

Alias PF Master

Common Name = https://pingfederate_host

Subject Alternative Name = https://pingfederate_host

Step 5.1 – Import key pair to the virtual host

PA Admin Console

Networking > Listeners

Engine key pairs pane > change PF Master to the base URL of Ping Access virtual host > Save

Step 6 – Match PingAccess Token Provider to PingAccess App

PA Admin Console

System > Token Provider

Host = https://pingfederate_host

Port = 443

Audit = yes

Save

Step 7 – Update PF base URL

PF Admin Console (not PA)

System > Protocol Settings > Federation Info

Change BASE URL to the base URL nad port of the PA VIRTUAL HOST > Save

CAUTION: If you get the wrong base URL, PF will be corrupted and you can’t access it.

Double check the base URL.

Step 8 – Verify Access from PA to PF

Browser

https://virtualhost:port/pf/heartbeat.ping

You should get a response from PF

Browser

https://virtualhost:port/pa/heartbeat.ping

You should get a response from PA

From → Uncategorized

Using PingAccess to protect PingFederate

Step 1 – Exchange Certificates

Step 1.1 – Export the PingFederate certificate for the PF Engine.

Step 1.1 – Import the PF Cert into PingAccess

Step 2 – Create a PingAccess SITE

Step 3 – Create a PA Virtual Host

The Virtual Host is how PingAccess will access the PF engines.

Step 5 – Create Key Pair for PF host

Step 5.1 – Import key pair to the virtual host

Step 6 – Match PingAccess Token Provider to PingAccess App

Step 7 – Update PF base URL

Step 8 – Verify Access from PA to PF

Leave a comment Cancel reply

Blog Stats

Top Posts & Pages

Archives

Follow Blog via Email

Startpage.com

IVPN

XeroCrypt – USW InfoSec Blog

SupraFortix – USW InfoSec Blog

Top Clicks

Using PingAccess to protect PingFederate

Step 1 – Exchange Certificates

Step 1.1 – Export the PingFederate certificate for the PF Engine.

Step 1.1 – Import the PF Cert into PingAccess

Step 2 – Create a PingAccess SITE

Step 3 – Create a PA Virtual Host

The Virtual Host is how PingAccess will access the PF engines.

Step 5 – Create Key Pair for PF host

Step 5.1 – Import key pair to the virtual host

Step 6 – Match PingAccess Token Provider to PingAccess App

Step 7 – Update PF base URL

Step 8 – Verify Access from PA to PF

Share this:

Leave a comment Cancel reply

Blog Stats

Top Posts & Pages

Archives

Follow Blog via Email

Startpage.com

IVPN

XeroCrypt – USW InfoSec Blog

SupraFortix – USW InfoSec Blog

Top Clicks