Prepare for Single Sign-On (SSO) > PingFederate Configuration > Configure Trust for PingFederate Certificate for Vuforia Studio and Vuforia View
  
Configure Trust for PingFederate Certificate for Vuforia Studio and Vuforia View
If your PingFederate server uses a self-signed certificate or a certificate signed by a private organization certificate authority (CA), then the Experience Service and the Vuforia Studio clients must be configured to trust the certificate. For more information about certificates, see Transport Layer Security (TLS) Certificates.
The steps required to properly configure the Vuforia Studio client depends on the type of CA that issued the PingFederate certificate. Determine which of the following scenarios applies to your situation and follow the corresponding instructions.
Configure clients to trust a private organization CA—if your PingFederate certificate is signed by a private organization CA, complete the following configurations for Vuforia Studio and Vuforia View:
Product
Instructions
Vuforia Studio
On any system that will be running Vuforia Studio, use the following instructions to set the NODE_EXTRA_CA_CERTS to the appropriate value:
1. If the NODE_EXTRA_CA_CERTS environment variable already references a file that contains a certificate for the ThingWorx server (see Vuforia Studio and Vuforia View Configuration), take one of the following actions:
a. If the PingFederate certificate and the ThingWorx certificate are signed by the same private organization CA, no changes are required. The system has already been configured to trust the PingFederate certificate.
b. If they are not, create a file that contains both the original ThingWorx certificate and the certificate for the CA that signed the PingFederate certificate. The order in which the certificates are concatenated is not important. Set the NODE_EXTRA_CA_CERTS environment variable equal to the path to this file that contains both certificates.
2. Otherwise, set the NODE_EXTRA_CA_CERTS environment variable equal to the path to the certificate for the private organization CA that signed the PingFederate certificate.
* 
When using the NODE_EXTRA_CA_CERTS variable, the referenced certificate files must be PEM encoded.
3. After setting the environment variable, completely exit Vuforia Studio, and restart the application.
* 
Reopening the Vuforia Studio web page is not sufficient; the local Vuforia Studio server must be restarted.
Vuforia View
On any device that will be running Vuforia View, follow the device operating instructions to install the certificate for the private CA that signed the PingFederate certificate into the operating system’s trust store. The certificate for the private CA must be trusted by the operating system.
* 
Configuring the web browser on your device to trust the certificate for the private CA is not sufficient; this only causes the browser to trust the certificate. Other apps, including Vuforia View, will not trust the certificate.
Configure clients to trust self-signed certificates—if your PingFederate certificate is self-signed, complete the following configurations for Vuforia Studio and Vuforia View:
Product
Instructions
Vuforia Studio
On any system that will be running Vuforia Studio, use the following instructions to set the NODE_EXTRA_CA_CERTS to the appropriate value:
1. If the NODE_EXTRA_CA_CERTS environment variable already references a file that contains a certificate for the ThingWorx server (see Vuforia Studio and Vuforia View Configuration), take one of the following actions:
a. If the PingFederate and ThingWorx use the same self-signed certificate, no changes are required. The system has already been configured to trust the PingFederate certificate.
b. If they are not, create a file that contains both the original ThingWorx certificate and the PingFederate self-signed certificate. The order in which the certificates are concatenated is not important. Set the NODE_EXTRA_CA_CERTS environment variable equal to the path to this file that contains both certificates.
2. Otherwise, set the NODE_EXTRA_CA_CERTS environment variable equal to the path to the PingFederate self-signed certificate.
* 
When using the NODE_EXTRA_CA_CERTS variable, the referenced certificate files must be PEM encoded.
3. After setting the environment variable, completely exit Vuforia Studio, and restart the application.
* 
Reopening the Vuforia Studio web page is not sufficient; the local Vuforia Studio server must be restarted.
Vuforia View
On any device that will be running Vuforia View, follow the device operating instructions to install the PingFederate self-signed certificate into the operating system’s trust store. The self-signed certificate must be trusted by the operating system.
* 
Configuring the web browser on your device to trust the PingFederate self-signed certificate is not sufficient; this only causes the browser to trust the certificate. Other apps, including Vuforia View, will not trust the certificate.
Finally, once this has been completed, ensure that user sessions are managed properly.