Authentication challenge response generator descriptions
This table describes the challenge response generators available for configuration on the New Authentication Challenge Policy page.
Challenge Response Generator | Description | ||||
---|---|---|---|---|---|
Browser-handled OIDC Authentication Request |
Generates an HTML or |
||||
HTML OIDC Authentication Request |
Generates a response with a 401 response code. The response body is an HTML document that automatically issues the OpenID Connect (OIDC) authentication request using JavaScript. The HTML always attempts to preserve the fragment of the current browser Uniform Resource Locator (URL) and preserves a POST body if the |
||||
MS-OFBA Authentication Request Redirect |
Adds two response headers to an HTTP request:
This enables you to open Microsoft (MS) Office documents protected by PingAccess in an in-app browser that redirects to the OpenID Provider (OP) for user authentication. After the user authenticates, PingAccess establishes a web session and redirects the user to the corresponding MS Office application (spreadsheets open in Microsoft Excel, for example).
|
||||
OIDC Authentication Request Redirect |
Generates a response with a 302 response code. The response body directs the browser to send an OIDC authentication request to the OP. |
||||
PingFederate Authentication API Challenge |
Generates a response with a 401 response code. The body is a JavaScript Object Notation (JSON) object that directs the application to connect to the PingFederate redirectless authorization application programming interface (API). The JSON object contains three strings:
For more information about the required PingFederate configuration, see Authentication API in the PingFederate documentation. For more information about configuring the JavaScript widget to enable this challenge response, see the Redirectless support page on Github. |
||||
Redirect Challenge |
Generates a response with the specified response code that redirects the user to a specified URL.
Optionally, select the Append Redirect Parameters check box to append PingFederate Authentication API parameters and the URL of the protected resource the user tried to access within the query string of the redirect URL that you specified. This lets you initiate PingFederate’s redirectless OIDC flow from your own sign-on page when an unauthenticated user tries to access a protected resource. The appended parameters are:
|
||||
Templated Challenge |
Generates a response with the specified response code based on a specified template. Possible template variables include:
|