Integration and Deployment Notes
PingFederate System Setup
Omit Line Breaks in Digital Signatures

Configure PingFederate to omit line breaks in digital signatures by using one of the following procedures.

NOTE
This change is global, for all cases in which PingFederate may write encoded signatures to XML or log files.

On Windows (running PingFederate from the command line):

  1. Open <pf_install>/pingfederate/bin/run.bat in a text editor.
  2. Locate the variable PF_JAVA_OPTS.
  3. Add -Dorg.apache.xml.security.ignoreLineBreaks=true as a variable value.

On Windows (running PingFederate as a service):

  1. Open <pf_install>/pingfederate/sbin/wrapper/PingFederateService.conf in a text editor.
  2. Locate the heading:
    Java Additional Parameters
  3. Add -Dorg.apache.xml.security.ignoreLineBreaks=true as a variable value below the heading.
    Example:
    wrapper.java.additional.9=-Dorg.apache.xml.security.ignoreLineBreaks=true

On Linux/Unix (running PingFederate from the command line or as a service):

  1. Open <pf_install>/pingfederate/bin/run.sh in a text editor.
  2. Locate an instance where the environment variable JAVA_OPTS is set.
  3. Add -Dorg.apache.xml.security.ignoreLineBreaks=true as a variable value.
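
A check for the edits described above, as an added example (not Ping Identity code): it confirms that the flag sits on an active line of PingFederateService.conf, run.sh, or run.bat. The function names and sample text are constructed for illustration, and the duplicate-index check assumes each wrapper.java.additional.N number may be used only once.

```python
import re

FLAG = "-Dorg.apache.xml.security.ignoreLineBreaks=true"
ENTRY = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")

def audit_service_conf(text):
    """Check PingFederateService.conf text; return a list of problems (empty = OK)."""
    problems, used, flag_lines = [], {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            if FLAG in line:
                problems.append(f"line {no}: flag is commented out")
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        index, value = int(m.group(1)), m.group(2)
        # Assumption: reusing an index makes one of the two entries ineffective.
        if index in used:
            problems.append(f"line {no}: index {index} already used on line {used[index]}")
        used[index] = no
        if value == FLAG:
            flag_lines.append(no)
        elif "ignoreLineBreaks" in value:
            problems.append(f"line {no}: unexpected value {value!r}")
    if not flag_lines:
        problems.append("flag not set on any wrapper.java.additional.N line")
    return problems

def flag_in_script(text, variable):
    """True if an uncommented run.sh/run.bat line mentioning `variable` carries the flag."""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith(("#", "rem ", "::")):
            continue
        if variable in stripped and FLAG in stripped:
            return True
    return False

# Constructed sample, not taken from a real installation.
SAMPLE_CONF = """\
# Java Additional Parameters
wrapper.java.additional.8=-Dexample.placeholder=1
wrapper.java.additional.8=-Dorg.apache.xml.security.ignoreLineBreaks=true
#wrapper.java.additional.9=-Dorg.apache.xml.security.ignoreLineBreaks=true
"""

if __name__ == "__main__":
    print("\n".join(audit_service_conf(SAMPLE_CONF)))
    print(flag_in_script('JAVA_OPTS="$JAVA_OPTS ' + FLAG + '"', "JAVA_OPTS"))
```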

Installing the Username Token Translator

To install the Username Token Translator:

  1. Download the Username Token Translator from the Downloads page at pingidentity.com.
  2. Extract the pf-username-token-translator-1.1.jar from the dist directory in the ZIP file to:
    <pf_install>/pingfederate/server/default/deploy

    NOTE
    For PingFederate 7.2 or higher, Username Token Processor is part of the product and does not require a separate download or installation.

Restart PingFederate

Restart PingFederate and launch the administrative console to perform the remainder of the setup.

Enable Server Protocols

In the PingFederate administrative console, make sure that the necessary protocols are enabled by clicking Server Settings and then Roles & Protocols. Ensure that WS-Federation is selected at a minimum under the IdP role. Select WS-Trust if you need to support active clients.

NOTE
The WS-Trust STS is licensed separately. This protocol selection is available only if an STS-enabled license is installed.
