PingFederate

The PingFederate connector integrates the Maverics Orchestrator with Ping Identity’s PingFederate server — enabling OIDC-based single sign-on for your applications.

Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview

The PingFederate connector uses OpenID Connect to federate authentication with PingFederate. It uses type: pingfederate in the connector configuration and supports standard OIDC flows — allowing you to extend PingFederate authentication to applications that don’t natively support modern identity protocols.

This connector integrates with PingFederate, Ping Identity’s on-premises federation server. The connector type in YAML is pingfederate.

Use Cases

PingFederate SSO federation — Extend PingFederate authentication to applications that don’t natively support OIDC
Multi-IdP orchestration — Route authentication to PingFederate alongside other identity providers
Legacy app modernization — Bridge PingFederate-authenticated users to legacy applications via header or cookie injection

Configuration

Console UI
Configuration

Console UI documentation is coming soon. This section will walk you through configuring this component using the Maverics Console’s visual interface, including step-by-step screenshots and field descriptions.

PingFederate configuration screen in Maverics Console

connectors:
  - name: pingfederate
    type: pingfederate
    oidcWellKnownURL: "https://{{ env.PING_HOST }}/.well-known/openid-configuration"
    oauthClientID: "{{ env.PING_CLIENT_ID }}"
    oauthClientSecret: <vault.ping_client_secret>
    oauthRedirectURL: "https://app.example.com/oidc/callback"
    scopes: "openid profile email"

Configuration Reference

Key	Type	Required	Description
`name`	string	Yes	Unique connector identifier referenced in app policies
`type`	string	Yes	Must be `pingfederate`
`oidcWellKnownURL`	string	Yes	OIDC discovery endpoint URL for your PingFederate server
`oauthClientID`	string	Yes	OAuth 2.0 client ID from PingFederate
`oauthClientSecret`	string	Yes	OAuth 2.0 client secret (use secret reference syntax)
`oauthRedirectURL`	string	Yes	Callback URL registered with the PingFederate client
`scopes`	string	No	Space-separated OAuth scopes (default: `openid profile email`)
`oauthExtraParams`	map	No	Additional query parameters for the authorization request
`tls`	string	No	Named TLS profile for provider communication

For the complete field reference including health checks, offline access, and PKCE settings, see Identity Fabric.

Troubleshooting

Verify the oidcWellKnownURL is accessible from the Orchestrator host — ensure the PingFederate hostname and port are correct
Ensure the oauthRedirectURL matches exactly what is registered in the PingFederate client configuration
Check that the client secret reference resolves correctly via your secret provider

Identity Fabric

Overview of all identity providers

Custom OIDC

Generic OpenID Connect connector

Okta

OIDC connector for Okta

Continuity

Failover connector for IdP high availability

Console Administration

Orchestration

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Identity Fabric

Custom OIDC

Okta

Continuity

Console Administration

Orchestration

​Overview

​Use Cases

​Configuration

​Configuration Reference

​Troubleshooting

​Related Pages

Identity Fabric

Custom OIDC

Okta

Continuity

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Related Pages