Before you Run the Automation Scripts

PingFederate as the Central Auth Server > Configuring the Central Auth Server – PingFederate > Configuring PingFederate as the Central Auth Server Automatically > Before you Run the Automation Scripts

1. Start with a clean PingFederate installation. For more information, see Installing PingFederate or Upgrading PingFederate.

While installing PingFederate, ensure that the base URL of PingFederate is set to the fully qualified domain name (FQDN). If the base URL is set to localhost, complete the following steps to replace localhost with the PingFederate FQDN:

a. Log in to the PingFederate console as an administrator.

b. From the main screen of your PingFederate console, select Server Configuration > Server Settings > Federation Info.

c. Update the value for the Base URL field from localhost to your PingFederate FQDN.

The default properties of the automation scripts for key and encryption strength settings require that the Java Virtual Machine (JVM) used for the PingFederate installation has the Java Cryptography Extension (JCE) Unlimited Strength installed.

2. Make sure SAML 2.0 ENTITY ID is defined in PingFederate. Follow the below mentioned steps to define entityID:

a. Navigate to PingFederate administrative console.

b. Search Protocol Settings. Open the search results.

c. If no value is defined for SAML 2.0 ENTITY ID field under the Federation Info tab, enter your entityID in this field. Click Save.

3. Download the automation scripts:

a. Open the PTC software download website.

b. Enter your Customer Name and Customer Number, and click Next. The PTC Software Download page opens.

c. Depending on the product that you are using, do the following:

Product	Step 1: Select the Product Family	Step 2: Choose Release & Download	Step 3: Select Datecode
ThingWorx	ThingWorx Foundation	Release 9.x > PING Federate > Most Recent Datecode	Datecode: L009—Automated-PING-Federate-Configuration
ThingWorx Navigate	ThingWorx Foundation	Release 9.x > PING Federate > Most Recent Datecode	Datecode: L009—Automated-PING-Federate-Configuration
Windchill ProjectLink	Windchill ProjectLink	Release 11.2 > PING Federate > Show all Other Available Datecodes	Datecode: L0098—Automated-PING-Federate-Configuration
Windchill PDMLink	Windchill PDMLink	Release 11.2 > PING Federate > Show all Other Available Datecodes	Datecode: L008—Automated-PING-Federate-Configuration
Windchill MPMLink	Windchill MPMLink	Release 11.2 > PING Federate > Show all Other Available Datecodes	Datecode: L008—Automated-PING-Federate-Configuration
Vuforia Studio	Vuforia Studio	Obtain via ThingWorx Foundation procedure.
Windchill RV&S	Windchill Requirements Validation & Source (Integrity Lifecycle Manager)	Contact technical support.
Arbortext Content Delivery	Arbortext Content Delivery	Release 7.x > PING Federate > Most Recent Datecode	Datecode: F000—PING-Federate-Script

For Step 2: Choose Release & Download, version numbers and download locations are examples only.

d. Click HTTPS or Download Manager to download the zip file that includes the automation scripts.

e. Save and unzip the zip file to a directory on your machine. Hereafter, this directory is referenced as <PINGFEDERATE_SCRIPT_HOME>.

4. Specify values for all properties in the user.properties file and review the properties in the default.properties file according to your IdP configuration.

5. Place the signing and SSL certificates (PEM format) in the <PINGFEDERATE_SCRIPT_HOME>/input directory. You need to specify the following certificates as a value for the corresponding property in the user.properties file:

◦ The SAML signing certificate (PEM format) file name for ThingWorx in the create_sp_connection_input_sign_verif_cert property. For more information, see Configuring the SSL Certificate for Application Layer Encryption and Signing.

◦ The SSL certificate (PEM format) file name for PingFederate in the global_pingFed_admin_certificate property. For more information, see Configuring the SSL Certificate for PingFederate.

Specifying the PingFederate Admin SSL certificate file name in the global_pingFed_admin_certificate property is recommended because using a certificate enables secure SSL communication between PingFederate and the scripts. If you use a PingFederate Admin SSL certificate signed by a root certificate authority (CA) rather than a self-signed certificate, you must place the root CA certificate (PEM format) in the <PINGFEDERATE_SCRIPT_HOME>/input directory and specify the root CA certificate as the value of this property.

◦ If you choose to configure ADFS or Generic SAML 2.0 as your IdP, you must place their respective signing certificates (PEM format) in the <PINGFEDERATE_SCRIPT_HOME>/input directory along with above two certificates. For example, adfs_idp_signing.crt or saml2_idp_signing.crt.

6. If you are using the Linux OS, run the following command from the bash shell to grant the execute permission for all scripts in the <PINGFEDERATE_SCRIPT_HOME> directory:

find . -type f -iname "*.sh" -exec chmod +x {} \;

7. If you are using the Windows OS, install Git Bash to run the scripts. You can download the latest Git installer from https://git-scm.com/download.

Was this helpful?