PingFederate Advanced Administration (PFAA-400)

This course steps the learner through various advanced PingFederate administration topics, such as configuring memory options for PingFederate, logging to a database server, configuring certificate revocation checking and certificate rotation, configuring self-service features of the HTML Form Adapter, identity provider (IdP) to service provider (SP) bridging, clustering with dynamic discovery, and more. The class topics include:

  • Configuring JVM memory options
  • Logging to a database server
  • Using certificates and OpenID Connect (OIDC) for console authentication
  • Customizing audit logs
  • Certificate revocation checking
  • Certificate rotation
  • Password spray and lockout prevention
  • Self-service password change and recovery
  • Self-service account recovery
  • Custom identity and access management (IAM) using local identity profiles
  • Self-registration using third-party identity providers (IdPs)
  • Advanced attribute mapping
  • Target URL mapping
  • IdP-to-SP bridging
  • Session management
  • Configuring PingFederate as a federation hub
  • Using a directory for OAuth 2.0 (OAuth2) persistent grants
  • Creating and managing OIDC profiles
  • Advanced clustering using dynamic discovery
  • Troubleshooting


This course consists of lectures and hands-on lab exercises. Each student is required to provide their own laptop.


Target Audiences

The target audiences for this course include:

  • IT professionals responsible for advanced PingFederate configuration and troubleshooting
  • Those who have completed the PingFederate Administration course or achieved the Certified Professional – PingFederate certification
  • Those considering taking the Certified Expert – PingFederate exam


Prerequisites

The following are the prerequisites for successfully completing this course:

  • Completion of the PingFederate Administration course, or
  • Equivalent experience with PingFederate


Duration

3 days


Course Contents

Day 1: Course Introduction

  • Server Administration
    • Configure JVM memory options
    • Configure virtual host names
    • Certificate-based console administration
      • Lab 1: Configuring OIDC-based console single sign-on (SSO)
  • PingFederate Logging
    • Customize audit logs
    • The log4j2.xml file
    • Logging to an external database
      • Lab 2: Logging with PingFederate
  • Certificates
    • Certificate revocation checking
    • Certificate rotation


Day 2:

  • HTML Form Adapter Self-Service Features
    • Password spray and account lockout prevention
    • Self-service password change
    • Self-service password reset
    • Self-service username recovery
      • Lab 3: HTML Form Adapter self-service options
  • HTML Form Adapter Self-Registration
    • Customer IAM with local identity profiles
    • Self-registration with local identity profiles
    • Self-registration using third-party IdPs
      • Lab 4: HTML Form Adapter customer registration
  • Advanced Attribute Mapping
    • Using multiple datastores
    • Using REST API as a datastore
    • Extended properties
    • PingDirectory virtual attributes
  • SSO Connections
    • Customizing SSO URLs
    • SP target URL mapping
    • IdP-to-SP bridging
    • Session management
      • Lab 5: SSO connections


Day 3:

  • Federation Hub
    • Bridging an IdP to an SP
    • Bridging an IdP to multiple SPs
    • Bridging multiple IdPs to an SP
    • Bridging multiple IdPs to multiple SPs
  • OAuth2 and OIDC
    • Dynamic client registration
    • Using directories for persistent grant storage
    • Creating and managing OIDC profiles
      • Lab 6: Configuring OIDC profiles
  • Clustering
    • Cluster protocol architecture
    • Runtime state management architecture
    • Adaptive clustering
    • Directed clustering
    • Dynamic discovery
    • Cluster replication
      • Lab 7: Clustering
  • Troubleshooting
    • SSO issues
    • OAuth2 issues
    • Certificate issues