Ping OpenID

The following guide is to help the deployment of an Ping Identity OpenID configuration as the authentication provider for Pyramid. Ping is not that different to generic OpenID, but there are some key aspects that are unique.

Note: This feature is available with Enterprise licensing only.

Ping Identity OpenID Setup

Add a new OpenID Application

Go to Applications and add application:

Give the application a name. Then select OIDC Web App.

Configuration

On the newly created app, go to Configuration and click the edit button.

Enable the following OIDC Settings

The redirect URIs are the URLs for the Pyramid instance.

Overview and Settings

Open Overview and then save the following settings to configure Pyramid

Setting the provider up in Pyramid

Open authentication manager in the Pyramid admin console: Pyramid Admin>Security>Authentication, click the Change Provider button.

Take all the setup information from the previous steps above to fill in the form.

  • Endpoint URL: OAuth 2.0 authorization endpoint (v2)
  • Client ID: Client ID
  • Redirect URL: Redirect URI (https://mypyramidsite.pyramidanalytics.com/login/login_callback)
  • Logout URL: Signoff Endpoint
  • JSON Web Keys URI: JWKS Endpoint

Once all the fields are filled, click test, take the ping_login_name from the pop up and put it in the External ID, then apply.

User Provisioning Setup

The Ping Identity OpenID provider can be used for auto provisioning in Pyramid. Click here for more details.

Save your changes

Click Apply to start the provider change over process. At this stage, the existing users attached to the previous authentication system need to be converted over.

Admins will be prompted to either:

  • Delete all existing users and delete their content
  • Convert old users to the new provider (through the user conversion wizard), and keep their content

Since this exercise cannot be rolled back once the changes are committed, admins need to step through this exercise carefully.