Java Integration Kit

Overview of the SSO flow

The Java Integration Kit consists of two parts:

  • The OpenToken Adapter, which runs within the PingFederate server

  • The Agent Toolkit for Java, which resides within the Java application

The following figure shows a basic IdP-initiated SSO scenario in which PingFederate federation servers using the Java Integration Kit exist on both sides of the identity federation:

xnb1563995422337

Sequence

  1. A user initiates an SSO transaction.

  2. The IdP application inserts user attributes into the Agent Toolkit for Java, which encrypts the data internally and generates an OpenToken.

  3. A request containing the OpenToken is redirected to the PingFederate IdP server.

  4. The server invokes the OpenToken IdP Adapter, which retrieves the OpenToken, decrypts, parses, and passes the user attributes to the PingFederate IdP server. The PingFederate IdP server then generates a Security Assertion Markup Language (SAML) assertion.

  5. The SAML assertion is sent to the SP site.

  6. The PingFederate SP server parses the SAML assertion and passes the user attributes to the OpenToken SP Adapter. The Adapter encrypts the data internally and generates an OpenToken.

  7. A request containing the OpenToken is redirected to the SP application.

  8. The Agent Toolkit for Java decrypts and parses the OpenToken and makes the user attributes available to the SP Application.

    PingFederate can be configured to look up additional attributes from either an IdP or SP data store. For more information, see Data Stores in the PingFederate documentation.