Adding device profiling to an authentication API-based application

If you are using the PingFederate authentication application programming interface (API) and want to avoid using HTTP cookies, modify your application to collect the device profile and send it to the authentication API.

Adding device profiling to an authentication API-based application using the PingOne Risk (Signals) SDK and integration kit 1.3.1

About this task

Use the following instructions to add device profiling to a web application using the PingOne Risk (Signals) SDK. Learn more about the authentication API in Authentication API in the PingFederate documentation or PingOne Risk Native SDKs in the PingOne Native SDK documentation.

PingOne Risk Integration Kit version 1.3.1 must be deployed before any changes can be made on the HTML side. SDK version 5.2.1 or later requires adapter version 1.3.1 or later.

Steps

Implement the Signals SDK by following the steps in PingOne Risk Native SDKs.

Configure functions to format the device profile and submit it to the authentication API. Use the following code sample as a guide.

The pingone-risk-profiling-signals-sdk.js assumes you are using the web SDK. If using a mobile device and you want to send the deviceProfile check the SDK documentation and use accordingly.

function onCompletion(flowId, deviceProfile) {
	submitDeviceProfile(flowId, deviceProfile);
}

function submitDeviceProfile(flowId, deviceProfile) {
	var myHeaders = new Headers();
	myHeaders.append("X-XSRF-Header", "test");
	myHeaders.append("Content-Type", "application/vnd.pingidentity.submitDeviceProfile+json");

	var raw = JSON.stringify({
    	"signalsSdkDeviceProfile": deviceProfile
	});

	var requestOptions = {
    	method: 'POST',
    	headers: myHeaders,
    	body: raw,
    	redirect: 'follow'
	};

	fetch("https://pf_host:pf_port/pf-ws/authn/flows/" + flowId, requestOptions)
    	.then(response => response.text())
    	.then(result => console.log(result))
    	.catch(error => console.log('error', error));
}

When the authentication API is in the DEVICE_PROFILE_REQUIRED state, your application should submitDeviceProfile with the value from the profileDevice(callback) method.

When you complete the steps in Configuring an adapter instance, set the Device profiling method to Captured by previous adapter.

Adding device profiling to an authentication API-based application using the PingOne Risk (Signals) SDK and integration kit 1.3 or earlier

About this task

Use the following instructions to add device profiling to a web application using the PingOne Risk (Signals) SDK. Learn more about the authentication API in Authentication API in the PingFederate documentation or PingOne Risk Native SDKs in the PingOne Native SDK documentation.

Steps

Implement the Signals SDK by following the steps in PingOne Risk Native SDKs.

Configure functions to format the device profile and submit it to the authentication API. Use the following code sample as a guide.

The pingone-risk-profiling-signals-sdk.js assumes you are using the web SDK. If using a mobile device and you want to send the deviceProfile check the SDK documentation and use accordingly.

function onCompletion(flowId, deviceProfile) {
	submitDeviceProfile(flowId, deviceProfile);
}

function submitDeviceProfile(flowId, deviceProfile) {
	var myHeaders = new Headers();
	myHeaders.append("X-XSRF-Header", "test");
	myHeaders.append("Content-Type", "application/vnd.pingidentity.submitDeviceProfile+json");

	var raw = JSON.stringify({
    	"signalsSdkDeviceProfile": deviceProfile
	});

	var requestOptions = {
    	method: 'POST',
    	headers: myHeaders,
    	body: raw,
    	redirect: 'follow'
	};

	fetch("https://pf_host:pf_port/pf-ws/authn/flows/" + flowId, requestOptions)
    	.then(response => response.text())
    	.then(result => console.log(result))
    	.catch(error => console.log('error', error));
}

When the authentication API is in the DEVICE_PROFILE_REQUIRED state, your application should submitDeviceProfile with the value from the profileDevice(callback) method.

When you complete the steps in Configuring an adapter instance, set the Device profiling method to Captured by previous adapter.

Adding device profiling to an Authentication API-based application using Fingerprint JS

About this task

Use the following instructions to add device profiling to a web application using Fingerprint JS. Learn more about the authentication API in Authentication API in the PingFederate documentation.

The PingOne Risk (Signals) SDK is the preferred way to get device profiling and is recommended for use in the PingOne Risk Integration Kit 1.3 and later.

Steps

Copy the following files from the integration .zip archive to your web server.
- fingerprint2-<version>.min.js
- pingone-risk-management-profiling.js

Add the following external script references to the sign-on page:

The scripts must be added in the following order.

<script type="text/javascript" src="fingerprint2-<version>.min.js"></script>
<script type="text/javascript" src="{file-prefix}-profiling.js"></script>

Configure your application to call the profileDevice(onCompletion) function. This creates the device profile.

Configure functions to format the device profile and submit it to the authentication API. Use the following code sample as a guide.

function onCompletion(flowId, components) {
    var deviceProfile = transformComponentsToDeviceProfile(components);
    submitDeviceProfile(flowId, deviceProfile);
}

function submitDeviceProfile(flowId, deviceProfile) {
    var myHeaders = new Headers();
    myHeaders.append("X-XSRF-Header", "test");
    myHeaders.append("Content-Type", "application/vnd.pingidentity.submitDeviceProfile+json");

    var raw = JSON.stringify({
        "deviceProfile": deviceProfile
    });

    var requestOptions = {
        method: 'POST',
        headers: myHeaders,
        body: raw,
        redirect: 'follow'
    };

    fetch("https://pf_host:pf_port/pf-ws/authn/flows/" + flowId, requestOptions)
        .then(response => response.text())
        .then(result => console.log(result))
        .catch(error => console.log('error', error));
}

When the authentication API is in the DEVICE_PROFILE_REQUIRED state, your application should submitDeviceProfile with a value structured as follows:

{
   "deviceProfile":{
      "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:82.0) Gecko/20100101 Firefox/82.0",
      "language":"en-CA",
      "colorDepth":24,
      "deviceMemory":null,
      "hardwareConcurrency":12,
      "screenResolution":[
         3440,
         1440
      ],
      "availableScreenResolution":[
         3440,
         1417
      ],
      "timezoneOffset":480,
      "timezone":"America/Los_Angeles",
      "sessionStorage":true,
      "localStorage":true,
      "indexedDb":true,
      "addBehaviour":false,
      "openDatabase":false,
      "cpuClass":null,
      "platform":"MacIntel",
      "plugins":[
      ],
      "webgl":[
         "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAACWCAYAAABkW7XSAAARYUlEQVR4nO3c30vcj57f8effUWg5F1
		 [...]
		 WEBGL_draw_buffers;WEBGL_lose_context",
         "webgl aliased line width range:[1, 1]",
         "webgl aliased point size range:[1, 8191]",
         [...]
         "webgl fragment shader low int precision rangeMin:24",
         "webgl fragment shader low int precision rangeMax:24"
      ],
      "webglVendorAndRenderer":"ATI Technologies Inc.~AMD Radeon Pro 560X OpenGL Engine",
      "adBlock":false,
      "hasLiedLanguages":false,
      "hasLiedResolution":false,
      "hasLiedOs":false,
      "hasLiedBrowser":false,
      "touchSupport":[
         "0",
         "false",
         "false"
      ],
      "fonts":[
         "Andale Mono",
         "Arial",
         [...]
         "Wingdings",
         "Wingdings 2",
         "Wingdings 3"
      ],
      "audio":"35.7383295930922"
   }
}

When you complete the steps in Configuring an adapter instance, set the Device profiling method to Captured by this adapter.