PingAccess

Introduction

The PingAccess Agent SDK for C provides an API and sample code to enable developers to build agents for C or C++-based application and web servers.

Supported platforms include:

  • Red Hat Enterprise Linux Server 7 (32 bit)

  • Red Hat Enterprise Linux Server 8 (32 bit or 64 bit)

  • SUSE Linux Enterprise Server 12 SP2 (64 bit)

  • Microsoft Windows Server 2012

  • Microsoft Windows Server 2016

  • Microsoft Windows Server 2019

Agents provide access management features to their containing server by relying on central PingAccess servers over the PingAccess Agent Protocol. The PingAccess Agent Protocol Specification is available from the Ping Identity support portal.

muw1564006721471

Processing steps

  1. The client accesses a resource. If the user is already authenticated, this process continues with step 5.

  2. The agent asks PingAccess for instructions. PingAccess checks the URL policy and determines that it is a protected resource. PingAccess redirects the client to PingFederate to establish a session.

  3. The user signs on, and PingFederate creates the session.

  4. The client is redirected back to the resource.

  5. The agent asks PingAccess for instructions. PingAccess checks the URL policy and determines that it is a protected resource. PingAccess checks the session token and determines that it is valid.

  6. If session revocation is enabled, PingAccess checks and updates the central session revocation list. If the session is valid, the agent is instructed to set identity HTTP headers.

The PingAccess Agent Software Development Kit (SDK) for C consists of the following components:

SDK (C Agent)

The SDK is a set of C header files that represent the interface to the library that implements the PingAccess Agent Protocol.

C Agent libraries

The C libraries implement the PingAccess Agent Protocol. There are binaries for Red Hat Enterprise Linux 7/8 as well as for Windows.

PingAccess Agent SDK for C API documentation

Each of the interfaces defined in the header files is fully documented.

Apache Agent Sample

<AGENT_SDK_FOR_C_HOME>/sample : The Apache Agent Sample demonstrates how the SDK integrates into Apache as an Apache module that is integrated with the Apache request processing workflow. The provided source code and module configuration provide a functional example for how to integrate the SDK into an existing web application. The sample can be modified in-place and recompiled using make to test customizations to the Sample code for your environment.

This sample code demonstrates how to implement the PingAccess Agent as an Apache module and has been qualified in the following environments:

  • Red Hat Enterprise Linux 7 (RHEL7), 64-bit

  • Red Hat Enterprise Linux 8 (RHEL8), 64-bit

The Apache Agent itself is production-quality and can be used either as-is or as a starting point for further development. While Ping Identity provides this as a sample, the only versions that are fully supported in production are the precompiled versions available from the Ping Identity download site.

The sample includes instructions for how to configure the sample as a PingAccess Agent to protect websites within its scope. Further hardening of the Apache server configuration or of the sample configuration file might be required.

If you need assistance using the PingAccess Agent SDK for C, visit the Ping Identity Support Center for help you with your application. Engage the Ping Identity Professional Services team for assistance with developing customizations.

To download the SDK, go to the PingAccess downloads site and click the Add-ons tab.