SSO: PingFederate

Governor supports Single Sign-On using OAuth2. This page describes how to configure PingFederate as an OAuth2 provider.

Setting up OAuth2

For setting up PingFederate single sign-on, provide the necessary application properties shown below. See Spring Boot reference for additional details.

spring.security.oauth2.client.registration.pingfederate.client-id=governor-client
spring.security.oauth2.client.registration.pingfederate.client-secret=your-client-secret
spring.security.oauth2.client.registration.pingfederate.redirect-uri=https://your-governor-host/oauth2/PINGFEDERATE
spring.security.oauth2.client.registration.pingfederate.client-authentication-method=client_secret_jwt
spring.security.oauth2.client.provider.pingfederate.authorization-uri=https://pingfederate.server/as/authorization.oauth2
spring.security.oauth2.client.provider.pingfederate.token-uri=https://pingfederate.server/as/token.oauth2
spring.security.oauth2.client.provider.pingfederate.user-info-endpoint-uri=https://pingfederate.server/idp/userinfo.openid
spring.security.oauth2.client.provider.pingfederate.jwks-set-uri=https://pingfederate.server/pf/JWKS
spring.security.oauth2.client.registration.pingfederate.authorization-grant-type=authorization_code

Setting up the client-id property enables the PingFederate button on the Governor authentication form.