Web Access Management

SP deployment notes

The following notes provide additional information for using the WAM Integration Kit as an SP:

  • The WAM SP Adapter relies on a custom authentication scheme to validate the authentication request coming from the PingFederate SP Adapter. The secret specified in the SP Adapter is verified against the one configured with the scheme. You can create custom authentication schemes for specific WAM systems using their API.

    The authentication scheme for OAM is included in the samples folder at the following location: <integration_kit_install_dir>/sdk/samples/oam/PingCustomAuthPlugin.java

  • To support Account Linking, the Account Linking Service has to be implemented and then protected by the WAM Web Agent. This could be done as a JSP page that redirects back to PingFederate. The relative resumePath is sent as part of the request and the JSP page needs to create the absolute URL and redirect, as shown below.

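    <%
      // Fully-qualified URL of the PingFederate server; replace the placeholder.
      String pingFedUrl = "<PingFed_URL>"; // (1)
      // Relative path generated by PingFederate and sent as part of the request.
      String resumePath = request.getParameter("resumePath");
      if (resumePath != null) {
        // Build the absolute URL and send the browser back to PingFederate.
        response.sendRedirect(pingFedUrl + resumePath);
      }
    %>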
    1 <PingFed_URL> is the fully-qualified URL of the PingFederate server.

    resumePath is generated by PingFederate and is intended for asynchronous communication between the adapter and the external application. PingFederate saves the state and resumes processing when the application redirects to the resumePath.

    The WAM SP Adapter retrieves the user information from the WAM session cookie and resumes SSO.
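
The JSP above forwards whatever value arrives in the resumePath request parameter. As an added example (not part of the original documentation or the integration kit), the helper below accepts only a server-relative path and confirms that the resolved URL stays on the PingFederate origin before it is used for the redirect; the class name, method name and base URL are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not integration kit code: builds the absolute resume URL and
// rejects any resumePath that would resolve outside the PingFederate origin.
public class ResumeRedirect {
    // Assumption: placeholder base URL; use your PingFederate server's URL.
    static final URI PING_FED = URI.create("https://pingfed.example.com");

    /** Returns the absolute URL to redirect to, or null if resumePath is rejected. */
    static String buildResumeUrl(URI base, String resumePath) {
        // Must be a server-relative path, not a network-path reference ("//host").
        if (resumePath == null || !resumePath.startsWith("/") || resumePath.startsWith("//")) {
            return null;
        }
        // Reject control characters, whitespace and backslashes.
        for (int i = 0; i < resumePath.length(); i++) {
            char c = resumePath.charAt(i);
            if (c <= 0x20 || c == 0x7f || c == '\\') {
                return null;
            }
        }
        try {
            // Resolve against the base and confirm scheme, host and port are unchanged.
            URI target = base.resolve(new URI(resumePath));
            boolean sameOrigin = base.getScheme().equalsIgnoreCase(target.getScheme())
                    && base.getHost().equalsIgnoreCase(target.getHost())
                    && base.getPort() == target.getPort();
            return sameOrigin ? target.toASCIIString() : null;
        } catch (URISyntaxException e) {
            return null; // not a syntactically valid URI reference
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not real PingFederate resume paths.
        String[] samples = {
            "/constructed/resume/path.ping",
            "//other.example/path",
            "https://other.example/path",
            "/\\other.example",
            null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + buildResumeUrl(PING_FED, s));
        }
    }
}
```

In the JSP, call response.sendRedirect only when buildResumeUrl returns a non-null value, and answer with response.sendError(400) otherwise.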