Authentication challenge responses
This table describes the authentication challenge responses generated by PingAccess, based on its configuration and properties of the request.
An authentication challenge response is an HTTP response sent to a user agent (such as a web browser) by PingAccess, telling the user agent that the corresponding request did not contain a valid authentication token. Some responses also provide instructions to the user agent to obtain a valid authentication token, such as an HTTP redirect response containing an encoded OpenID Connect (OIDC) authentication request.
When onboarding new applications to PingAccess, the recommended configuration is SPA Support = Enabled, Request Preservation = POST and Fragment, and Fail on Unsupported Content Type = false, regardless of the behavior of the application. This configuration is displayed in the first table.

| PingAccess configuration | | | Request properties | | | Response characteristics | |
|---|---|---|---|---|---|---|---|
| SPA Support¹ | Request Preservation² | Fail on Unsupported Content Type³ | Method | Content Type | Accept Header Field | Response Code | Body Content |
| Enabled | POST, POST and Fragment | Any | GET⁴ | Any | NOT application/json | 401 | HTML |
| Enabled | POST, POST and Fragment | Any | GET⁴ | Any | application/json | 401 | JSON |
| Enabled | POST, POST and Fragment | false | POST | Any | NOT application/json | 401 | HTML |
| Enabled | POST, POST and Fragment | false | POST | Any | application/json | 401 | JSON |

¹ Configured on an application. In the Admin application programming interface (API), the field is spaSupportEnabled. In the UI, the field is SPA Support. See Adding an application for more information about this field.

² Configured on a web session. In the Admin API, the field is requestPreservationType. In the UI, the field is Request Preservation. See Creating web sessions for more information about this field.

³ This option is only available through the Admin API.

⁴ Any non-POST method receives the same response as a GET.

| PingAccess configuration | | | Request properties | | | Response characteristics | |
|---|---|---|---|---|---|---|---|
| SPA Support¹ | Request Preservation² | Fail on Unsupported Content Type³ | Method | Content Type | Accept Header Field | Response Code | Body Content |
| Disabled | None | Any | Any | Any | Any | 302 | None |
| Disabled | POST | Any | GET⁴ | Any | Any | 302 | None |
| Disabled | POST | Any | POST | application/x-www-form-urlencoded | Any | 200 | HTML |
| Disabled | POST | false | POST | NOT application/x-www-form-urlencoded | Any | 302 | None |
| Disabled | POST | true | POST | NOT application/x-www-form-urlencoded | Any | 415 | HTML |
| Disabled | POST and Fragment | Any | GET⁴ | Any | Any | 200 | HTML |
| Disabled | POST and Fragment | Any | POST | application/x-www-form-urlencoded | Any | 200 | HTML |
| Disabled | POST and Fragment | false | POST | NOT application/x-www-form-urlencoded | Any | 302 | None |
| Disabled | POST and Fragment | true | POST | NOT application/x-www-form-urlencoded | Any | 415 | HTML |
| Enabled | None | Any | Any | Any | NOT application/json | 401 | HTML |
| Enabled | None | Any | Any | Any | application/json | 401 | JSON |
| Enabled | POST, POST and Fragment | true | POST | NOT application/x-www-form-urlencoded | NOT application/json | 415 | HTML |
| Enabled | POST, POST and Fragment | true | POST | application/x-www-form-urlencoded | NOT application/json | 401 | HTML |
| Enabled | POST, POST and Fragment | true | POST | Any | application/json | 401 | JSON |
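
The two tables above, condensed into one decision function that can serve as the expected-result oracle when regression-testing a gateway configuration. This is an added example, not PingAccess code. The function and parameter names are hypothetical, and it assumes that header matching compares media types only (parameters such as `;charset=` or `;q=` are ignored) and that an Accept header counts as `application/json` when that type appears anywhere in its list.

```python
from typing import Optional, Tuple

FORM = "application/x-www-form-urlencoded"
JSON = "application/json"
PRESERVATION = ("None", "POST", "POST and Fragment")  # UI values used in the tables


def _media_types(header: Optional[str]) -> set:
    """Media types named in a header value, lowercased, parameters dropped (assumption)."""
    return {p.split(";")[0].strip().lower() for p in (header or "").split(",") if p.strip()}


def expected_challenge(spa_enabled: bool, preservation: str, fail_unsupported: bool,
                       method: str, content_type: Optional[str] = None,
                       accept: Optional[str] = None) -> Tuple[int, Optional[str]]:
    """Return (response code, body content) the tables give for an unauthenticated request."""
    if preservation not in PRESERVATION:
        raise ValueError(f"unknown Request Preservation value: {preservation!r}")
    is_post = method.upper() == "POST"          # footnote 4: non-POST behaves like GET
    is_form = FORM in _media_types(content_type)
    wants_json = JSON in _media_types(accept)
    # Every 415 row shares these conditions: preservation on, POST, body not form-encoded,
    # and Fail on Unsupported Content Type = true.
    unsupported = preservation != "None" and is_post and not is_form and fail_unsupported

    if spa_enabled:
        if wants_json:
            return 401, "JSON"                  # JSON row applies for any content type
        return (415, "HTML") if unsupported else (401, "HTML")

    # SPA Support disabled: the Accept header is "Any" in every row.
    if preservation == "None":
        return 302, None
    if is_post:
        if is_form:
            return 200, "HTML"
        return (415, "HTML") if unsupported else (302, None)
    return (200, "HTML") if preservation == "POST and Fragment" else (302, None)


if __name__ == "__main__":
    # Constructed sample requests, one per response code in the tables.
    print(expected_challenge(True, "POST and Fragment", False, "GET", None, "application/json"))
    print(expected_challenge(False, "POST", False, "GET"))
    print(expected_challenge(False, "POST and Fragment", False, "GET"))
    print(expected_challenge(False, "POST", True, "POST", "application/json"))
```

Comparing this function's output with the status code and body type a staging gateway actually returns highlights applications that still use a non-recommended combination, such as SPA Support disabled with Fail on Unsupported Content Type set to true.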