PingFederate 8.0 --> 8.1.x & CoreBlox Token Service

Many of our customers choose to deploy CTS from within their PingFederate server (this is a jointly supported deployment model by Ping Identity and Coreblox) instead of inside a 3rd Party Application Server or in standalone mode (using embedded Jetty). Customers who deployed CTS within PingFederate (who were using PingFederate 8) started to report issues accessing the PingFederate Admin API as well as deadlock issues with logging.

After some investigation, Ping Engineering is recommending making a minor change to the following file -- <PF_HOME>\pingfederate\modules\pf.mod -- to resolve both issues.

Specifically, in the [lib] section, the second and third lines need to be reversed so that your file looks like this (color added for emphasis):

#
# Jetty PF Module
#
[lib]
lib/**
server/default/lib/*
server/default/deploy/*
server/default/conf/

[xml]
etc/jetty-runtime.xml
etc/jetty-admin.xml

This file MUST be modified on all PingFederate instances and the server node restarted for the change to take effect.

NOTE: Ping Engineering has done some initial qualification of this workaround, but more is still pending with their integration kits to see if they're impacted by this change. There's a chance that some of the older kits (like the Salesforce IK) could be affected. As always, testing in a DEV environment is strongly recommended before going into production. Please report any issues immediately to Ping Support

Ian Barnett Ping Identity Practice Director