I'm attempting to use a XHR/Ajax call to our PingFederate configuration (/.well-known/openid-configuration) but I'm getting a cross-domain error.
Its imperative that JavaScript clients be able to call this URL since the entire OIDC flow is possible with a client side JavaScript application. Therefore, this endpoint needs to be accessible on a domain other than the IdP and ideally without a separate server side proxy.
Update (September 2018): PingFederate (from version 9.0 and up) now has simple out of the box configuration for enabling CORS. For more details, see:
Original Answer:
The CrossOriginFilter Jetty filter can be enabled in PingFederate to support this.