PingFederate IdP Adapter Authenticator

This authenticator allows the Curity Identity Server to integrate with applications built as PingFederate IdP Adapters using the Agentless Integration Kit.

This authenticator can be seen as the counterpart to the PingFederate authenticator. The IdP Application is in charge of authenticating the user by any means necessary, and of submitting the authentication attributes to the DropOff endpoint of the authenticator over a back channel. The authenticator creates a REF-code and returns it in the response. The IdP Application appends the REF-code to the query string and redirects the user to the callback endpoint. The authenticator matches the REF to the attributes and creates the SSO session based on them.

Authentication Flow

  1. The OAuth client initiates the flow by making any supported protocol start request.
  2. The browser is redirected to the login web application. Optionally, the application fetches the original authorization request parameters from the Pickup endpoint. The application authenticates the user and sends the authentication attributes to the DropOff endpoint in a POST request.
  3. The authenticator responds with a REF, as a reference to the attributes.
  4. The application redirects back to the authenticator with the REF in a query parameter.
  5. The Curity Identity Server responds to the client.
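
The flow above, modeled in Python as an added example (not code from Curity or from this page). The Authenticator class is an in-memory stand-in for the DropOff and callback endpoints; the JSON body, the REF parameter name, the 60-second lifetime and the single-use behaviour are assumptions of this sketch, not documented behaviour.

```python
import base64, hmac, json, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

REF_TTL_SECONDS = 60  # assumed lifetime; the page does not state one

def basic_header(username, password):
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

class Authenticator:
    """In-memory stand-in for the authenticator's DropOff and callback endpoints."""
    def __init__(self, username, password):
        self._expected = basic_header(username, password).encode()
        self._pending = {}  # REF -> (attributes, expiry time)

    def drop_off(self, authorization, body, now=None):
        # Back channel: only a caller holding the configured credentials may
        # deposit attributes. Constant-time compare avoids a timing oracle.
        if not hmac.compare_digest(authorization.encode(), self._expected):
            return 401, {}
        now = time.time() if now is None else now
        ref = secrets.token_urlsafe(32)  # random handle, carries no user data
        self._pending[ref] = (json.loads(body), now + REF_TTL_SECONDS)
        return 200, {"REF": ref}

    def callback(self, url, now=None):
        # Front channel: the browser delivers only the REF.
        now = time.time() if now is None else now
        ref = parse_qs(urlparse(url).query).get("REF", [""])[0]
        attributes, expiry = self._pending.pop(ref, (None, 0))  # single use
        if attributes is None or now > expiry:
            return None  # unknown, replayed or expired REF: no SSO session
        return attributes

def idp_application_login(authenticator, callback_url, username, password, attributes):
    """Steps 2-4: drop off the attributes, then build the browser redirect."""
    status, response = authenticator.drop_off(
        basic_header(username, password), json.dumps(attributes))
    if status != 200:
        raise PermissionError("DropOff rejected the credentials")
    return callback_url + "?" + urlencode({"REF": response["REF"]})

if __name__ == "__main__":
    # Constructed sample values, not real endpoints or credentials.
    server = Authenticator("idp-app", "constructed-secret")
    url = idp_application_login(server, "https://login.example.com/callback",
                                "idp-app", "constructed-secret", {"subject": "alice"})
    print(url)
    print(server.callback(url))  # attributes resolved from the REF
    print(server.callback(url))  # None: the REF was consumed on first use
```

The redirect URL contains only the random REF, so the authentication attributes are never exposed to the browser or its history.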

Configuration

| Setting | Description |
| --- | --- |
| IdP Application URL | The URL to the IdP Application |
| Username | The username to use for basic authentication against the DropOff and Pickup endpoints |
| Password | The password to use for basic authentication against the DropOff and Pickup endpoints |
| Enable Original Parameter Sharing | Enable the pickup endpoint which can be used to fetch the parameters of the original authorization request |
