PingID User Management

Feature

Integrating Germain with Ping for Authentication

Configuration in PingID

The configuration in PingID depends on your organization's setup. We can guide you through the process of configuring PingID for OAuth and OpenID authentication methods.

Configuration in Germain

  1. Sign in to your Germain application as an administrator.

  2. Go to System > System Settings > Root Config (Advanced).

  3. Navigate to services > authentication. In AuthenticationConfig, set the following:

    • defaultRedirectPath: workspace URL (e.g., /germainapm/workspace/app)

  4. Go to System > Auth Settings > Authentication.

  5. Click the Plus button to add a new Authentication Provider.

    Authentication Provider Parameters - Germain UX

  6. Select OAuth Provider and click Next.

    Select OAuth provider - Germain UX

  7. Configure the provider settings:

    • Provider Name: Name for your Auth Provider

    • Client ID: <Client ID Copied from PingID>

    • Client Secret: <Client Secret Copied from PingID> (or leave empty if using a public OAuth client; note that this is not recommended. If Client ID is empty, PKCE is used by default)

    • Authorization Grant Type: authorization_code

    • Redirect URI Template: {baseUrl}/login/oauth2/code/{registrationId}

    • Authorization URI: https://<yourPingIDDomain>/fss/as/authorization.oauth2

    • Token URI: https://<yourPingIDDomain>/fss/as/authorization.oauth2

    • User Info URI: https://<yourPingIDDomain>/fss/idp/userinfo.openid

    • JWK Set URI: https://<yourPingIDDomain>/fss/pf/JWKS

    • User Name Attribute: email

    • JWS Algorithm: (leave blank)

    • Role List Path: (leave blank)

    • Scope values: openid, profile, email, roles

    • Use PKCE: enable this to force using PKCE

      PingID Parameters - Germain UX

  8. Click Finish.

  9. Restart the Tomcat services to apply the changes.

  10. If you have any issues logging in with your OAuth provider after restarting, enable DEBUG logging in the REST service for the package com.germainsoftware.apm.auth.security. This writes additional entries to the REST service log file each time a login attempt is made, which helps troubleshoot configuration issues.

Once completed, the login page should display the "Login with PingID" OAuth provider option.
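
A pre-flight check for the provider settings in step 7, as an added example that is not part of Germain or PingID: it expands the Redirect URI Template into the exact URI that must be registered in PingID and flags settings worth a second look before Tomcat is restarted. The dictionary layout, the placeholder domains, the client ID and the registration id pingid are assumptions made for illustration.

```python
from urllib.parse import urlsplit

URI_FIELDS = ("Authorization URI", "Token URI", "User Info URI", "JWK Set URI")

def expand_redirect_uri(template, base_url, registration_id):
    """Fill the Redirect URI Template: the result is what PingID must allow."""
    return (template.replace("{baseUrl}", base_url.rstrip("/"))
                    .replace("{registrationId}", registration_id))

def lint_provider(cfg):
    """Return findings for one provider; keys are this page's field labels."""
    findings = []
    for field in URI_FIELDS:
        parts = urlsplit(cfg.get(field, ""))
        if parts.scheme != "https" or not parts.netloc:
            findings.append(f"{field}: not an absolute https URL")
    if cfg.get("Token URI") and cfg["Token URI"] == cfg.get("Authorization URI"):
        findings.append("Token URI: same as Authorization URI, "
                        "confirm both with the PingID administrator")
    if cfg.get("Authorization Grant Type") != "authorization_code":
        findings.append("Authorization Grant Type: expected authorization_code")
    scopes = {s.strip() for s in cfg.get("Scope values", "").split(",")}
    if "openid" not in scopes:
        findings.append("Scope values: openid scope missing")
    # An empty secret means a public client, which this page advises against.
    if not cfg.get("Client Secret"):
        findings.append("Client Secret: empty (public client), not recommended")
    elif not cfg.get("Use PKCE"):
        findings.append("Use PKCE: not enabled for this confidential client")
    return findings

# Constructed sample: placeholder domain and client ID, URL paths as listed above.
PING = "https://ping.example.com/fss"
SAMPLE = {
    "Client ID": "germain-ux-client",
    "Client Secret": "",  # left empty, i.e. a public client
    "Use PKCE": False,
    "Authorization Grant Type": "authorization_code",
    "Redirect URI Template": "{baseUrl}/login/oauth2/code/{registrationId}",
    "Authorization URI": f"{PING}/as/authorization.oauth2",
    "Token URI": f"{PING}/as/authorization.oauth2",
    "User Info URI": f"{PING}/idp/userinfo.openid",
    "JWK Set URI": f"{PING}/pf/JWKS",
    "Scope values": "openid, profile, email, roles",
}

if __name__ == "__main__":
    # Base URL and registration id are hypothetical values for illustration.
    print(expand_redirect_uri(SAMPLE["Redirect URI Template"],
                              "https://germain.example.com/germainapm", "pingid"))
    for finding in lint_provider(SAMPLE):
        print("FINDING:", finding)
```

The expanded redirect URI must match the one registered for the client in PingID exactly.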

PingID Login Page - GermainUX

Service: Authentication

Feature Availability: 2023.1 or later
