PingFederate

PingFederate is a self-managed identity gateway that acts as both an OAuth 2.0 / OpenID Connect Provider and a SAML 2.0 Identity Provider (IdP) or Service Provider (SP). It’s a core component of Ping Identity’s enterprise IAM stack, offering secure token issuance, legacy federation support, and flexible integration for hybrid or on-prem environments.

Key Capabilities

  • Standards-based federation: Functions as an OIDC/OAuth 2.0 Authorization Server (AS) and SAML 2.0 IdP/SP, with guided setup for SP/IdP connections through the admin console.

  • Legacy protocol support: Includes WS-Federation (passive profile) and WS-Trust STS to support SOAP and legacy web service interoperability.

  • Client authentication options: Offers multiple client authentication methods, including client secrets and mutual TLS (mTLS), with mTLS supporting sender-constrained token security.

  • OIDC & OAuth metadata publishing: Automatically exposes discovery and authorization server metadata (RFC 8414), allowing clients to self-configure endpoints and capabilities.

Limitations

  • Self-hosted operations: As a software product, PingFederate requires customers to manage server operations, upgrades, certificates, and HA/load balancing—unlike the SaaS-based PingOne platform.

  • Feature distribution: Some advanced capabilities, such as risk-based access, identity orchestration, and cloud-based PAR, are available only in PingOne, not in PingFederate.

  • SCIM provisioning: SCIM 2.0 endpoints are provided via PingDirectory and PingOne connectors rather than PingFederate itself; use these components for lifecycle automation.
