PingFederate

This authenticator allows Curity Identity Server to integrate with PingFederate by Ping Identity. It is designed for the case where PingFederate is functioning as a SAML service provider or a WS-Federation Relying Party. In this scenario, PingFederate receives a federation message from an upstream Identity Provider and processes it before passing the result to Curity Identity Server, where this component handles it. This integration is shown in the following figure:

[Figure: PingFederate Authenticator Overview]

In detail, PingFederate (in the “service provider” role) receives a SAML 1.1, SAML 2, WS-Federation, or other federation message in any protocol that it can handle (1). Part of its handling of the message is to store the user attributes it received. Using the “agentless integration kit” to broker this message into the Curity Identity Server, PingFederate creates a reference to the user data; this reference is sent to the Curity Identity Server as a parameter via a redirect that takes place in the user’s browser (2). Next, the PingFederate authenticator makes an authenticated, back-channel connection to PingFederate, providing the reference (3). The response to this point-to-point HTTP request is the set of attributes that PingFederate has parsed from the federation message (4).
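
The reference pickup in steps (2) to (4), sketched as an added example that is not Curity's or Ping Identity's code: the reference arrives through the browser, so it is validated before it is used in the back-channel call. The `REF` query parameter, the `ping.uname`, `ping.pwd` and `ping.instanceId` headers, the JSON response, the endpoint path, and all hosts, credentials and function names are assumptions; the PingFederate side is a constructed stand-in.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Assumed shape of a reference: a short opaque token. It arrives via the
# browser (step 2), so it is untrusted and checked against an allow-list.
REF_RE = re.compile(r"[A-Za-z0-9_-]{8,128}")

def build_pickup_request(ref, pickup_url, adapter_id, username=None, password=None):
    """Step 3: URL and headers for the back-channel pickup call."""
    if not isinstance(ref, str) or not REF_RE.fullmatch(ref):
        raise ValueError("malformed reference")
    parts = urlsplit(pickup_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("pickup URL must be an absolute https URL")
    url = urlunsplit(parts._replace(query=urlencode({"REF": ref}), fragment=""))
    headers = {"ping.instanceId": adapter_id}
    if username is not None:  # optional: may be defined on the HTTP client instead
        headers.update({"ping.uname": username, "ping.pwd": password or ""})
    return url, headers

def pickup_attributes(ref, send, **settings):
    """Steps 3-4: exchange the reference for the attributes PingFederate stored."""
    url, headers = build_pickup_request(ref, **settings)
    attrs = json.loads(send(url, headers))
    if not isinstance(attrs, dict) or not attrs:
        raise ValueError("pickup returned no attributes")
    return attrs

def make_fake_pingfederate(store, username, password):
    """Constructed stand-in for the pickup endpoint (not PingFederate code)."""
    def send(url, headers):
        if (headers.get("ping.uname"), headers.get("ping.pwd")) != (username, password):
            raise PermissionError("pickup credentials rejected")
        ref = parse_qs(urlsplit(url).query)["REF"][0]
        return json.dumps(store.pop(ref, {}))  # modelled as single-use (assumption)
    return send

# Constructed settings mirroring Pickup URL, SP Adapter ID, Pickup Username/Password.
SETTINGS = {"pickup_url": "https://pf.example.com/ext/ref/pickup",
            "adapter_id": "curity-sp",
            "username": "pickup-user", "password": "constructed-secret"}

if __name__ == "__main__":
    store = {"AbCd1234EfGh": {"subject": "alice", "email": "alice@example.com"}}
    send = make_fake_pingfederate(store, "pickup-user", "constructed-secret")
    print(pickup_attributes("AbCd1234EfGh", send, **SETTINGS))
```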

| Setting | Description |
| --- | --- |
| SSO Endpoint | The PingFederate endpoint where users will be redirected to when authentication is required |
| Pickup URL | The PingFederate pickup endpoint |
| Pickup Username | The username to authenticate to the pickup endpoint (if not defined in the HTTP client) |
| Pickup Password | The password to authenticate to the pickup endpoint (if not defined in the HTTP client) |
| SP Adapter ID | The service provider adapter ID in PingFederate that represents the Curity Identity Server |
| Use Template Redirect | Whether or not redirects should be done with a template (required to support POST requests) |
| Date/Time Format | The format of dates asserted by PingFederate |
| HTTP Client | The HTTP client to use when communicating with the PingFederate pickup endpoint |

For more information about the setup and integration in PingFederate, refer to that product’s documentation.
