Installing PingFederate
The following list is a high-level overview of the steps that you need to follow to install PingFederate. Click each link to view the steps that you need to follow to complete the task.
Step 1: Download PingFederate
Download the latest build of the minor version and patch of PingFederate supported by your product, as indicated by its system requirements.
Step 2:Obtain PingFederate License
You can obtain a new PingFederate license by opening a technical support case via the PTC eSupport portal.
Step 3: Install PingFederate
For PingFederate 11.0 installation instructions, see PingFederate installation documentation.
Step 4: Apply the patch on the PingFederate installation
After installing PingFederate, you need to apply the respective PingFederate patch on the installed PingFederate installation. The patch should be applied according to the instructions provided by PingFederate.
Step 5: Configure PingFederate and deploy the PingFederate license file
1. From a Command Prompt window, browse to PingFederate/bin, and execute the run.bat on Windows or on Linux to start PingFederate.
It might take sometime to start PingFederate.
2. When the message PingFederate running is returned, open the PingFederate URL in the following format in your browser: https://<>:9999/pingfederate/.
3. If certificate error prompts are displayed, accept them to continue with the setup.
4. Follow the instructions in the PingFederate Setup screens until setup finalization.
5. Confirm that PingFederate has been set up by logging in through a new browser session. Navigate to the PingFederate URL in the https://<>:9999/pingfederate/ format, and sign in with your newly created administrator user name and password.
Step 6: Define SAML 2.0 Entity ID
In PingFederate 11, entityID is not defined as part of PingFederate initial settings done in previous steps. Follow the below mentioned steps to define the entityID.
1. Navigate to PingFederate administrative console.
2. Search Protocol Settings. Open the search results.
3. Enter your entityID in SAML 2.0 ENTITY ID under Federation Info tab. Click Save.
Step 7: Complete cross-domain configuration for the SameSite cookie attribute
If you are using PingFederate 11, the sameSite attribute already exists and has default value as “None” in the jetty-runtime.xml file. Steps 1 and 2 are not required in this case.
<Call name="setAttribute">
1. If PingFederate and/or ThingWorx and/or the IdP are in different domains, then you have to enable the SameSite cookie attribute. To do this, in the <PingFederate Installation Folder>/etc/jetty-runtime.xml file, set the value of the sameSiteSpecifier attribute within the baseHttpConfig element to None.
<New id="baseHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<!-- ... -->
<Set name="headerCacheSize">512</Set>
<Set name="sameSiteSpecifier">None</Set>
<!-- … -->
2. Restart PingFederate.
To complete cross-domain support, you must apply similar changes to Tomcat. For more information, see the PTC Tech Support article.
Was this helpful?