Skip to content

PingFederate Provider

The PingFederate provider is used to interact with the many resources supported by the PingFederate admin API. The provider needs to be configured with the proper credentials before it can be used.

Use the navigation to the left to read about the available resources.

Example Usage

Terraform 0.13 and later:

terraform {
  required_providers {
    pingfederate = {
      source = "iwarapter/pingfederate"
      version = "~> 0.0.7"
    }
  }
}

provider "pingfederate" {
  username = "Administrator"
  password = "2Access"
  base_url = "https://localhost:9999"
  context  = "/pf-admin-api/v1"
}

# Create a authentication policy contract
resource "pingfederate_authentication_policy_contract" "demo" {
  # ...
}

Terraform 0.12 and earlier:

# Configure the PingFederate Provider
provider "pingfederate" {
  username = "Administrator"
  password = "2Access"
  base_url = "https://localhost:9999"
  context  = "/pf-admin-api/v1"
}

# Create a authentication policy contract
resource "pingfederate_authentication_policy_contract" "demo" {
  # ...
}

Authentication

The PingFederate provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:

  • Static credentials

  • Environment variables

Static credentials

Static credentials can be provided by adding an username and password in-line in the PingFederate provider block:

Usage:

provider "pingfederate" {
  username = "Administrator"
  password = "2Access"
  base_url = "https://localhost:9999"
  context  = "/pf-admin-api/v1"
}

Environment variables

You can provide your credentials via the PINGFEDERATE_USERNAME, PINGFEDERATE_PASSWORD, PINGFEDERATE_CONTEXT and PINGFEDERATE_BASEURL environment variables.

provider "pingfederate" {}

Usage:

$ export PINGFEDERATE_USERNAME="Administrator"
$ export PINGFEDERATE_PASSWORD="top_secret"
$ export PINGFEDERATE_CONTEXT="/pf-admin-api/v1"
$ export PINGFEDERATE_BASEURL="https://myadmin.server:9999"
$ terraform plan

Argument Reference

In addition to generic provider arguments (e.g. alias and version), the following arguments are supported in the AWS provider block:

  • username - (Required) This is the PingFederate administrative username. It must be provided, but it can also be sourced from the PINGFEDERATE_USERNAME environment variable.

  • password - (Required) This is the PingFederate administrative password. It must be provided, but it can also be sourced from the PINGFEDERATE_PASSWORD environment variable.

  • base_url - (Required) This is the PingFederate base url (protocol:server:port). It must be provided, but it can also be sourced from the PINGFEDERATE_BASEURL environment variable.

  • context - (Optional) This is the PingFederate context path for the admin API, defaults to /pf-admin-api/v1 and can be sourced from the PINGFEDERATE_CONTEXT environment variable.

  • bypass_external_validation - (Optional) Whether to ignore external validation of resources within PingFederate defaults to false.