Skip to main content
Version: On prem: 15.0.2

Configure PingFederate with Open ID Connect on-prem

DISCLAIMER


This page contains third-party references. We strive for our content to always be up-to-date, however, the content referring to external vendors may change independently of Omada. If you spot any inconsistency, please report it to our Helpdesk.

To configure PingFederate with Open ID Connect:

  1. Log in to the PingFederate admin console.

  2. Go to Server Configuration > Server Settings > Roles & Protocols.

  3. Enable OAuth 2.0 and OpenID CONNECT.

  4. Select OAuth Settings, then click Create New.

  5. Type a name and the URL to logon.aspx (use lower case).

  6. Select Implicit grant types, then click Save.

  7. Go to OAuth Settings > IdP Adapter Mappings.

  8. Map the USER_KEY and USER_NAME to a meaningful value from the adapter.

  9. Open the Access Token Attribute Mapping.

  10. Map the Default context to the CRC Token Manager.

  11. Next, open the Policy Management.

  12. Add a policy Omada Identity mapping sub to id (Token).

  13. Set the policy as Default, then create the Ping metadata endpoint from the URL to the PingFederate server and add .well-known/openid-configuration at the end of the URL, for example: http://samlmart.zapto.org/.well-known/openid-configuration.

  14. Add the Client ID (Omada Identity) to tblCustomerAuth.IdpIssuer as well as tblCustomerAuth.IdpAudience and the Ping endpoint URL to tblCustomerAuth.IdpEndPoint.