Configuring pass-through authentication to custom services

The PingDirectory server provides support for passing through LDAP simple bind attempts to an external service for authentication processing, either instead of or in addition to the processing that it typically performs against the locally stored data. Use the Server SDK to implement support for custom pass-through authentication handlers for interacting with other types of external services.

About this task

To create a custom pass-through authentication handler, use the Server SDK. To configure your pass-through handler in the server:

Steps

Create an instance of a third-party pass-through authentication handler and set its extension-class property by running a command similar to the following.

Example:

dsconfig create-pass-through-authentication-handler \
     --handler-name "<Example Handler>" \
     --type third-party \
     --set extension-class:<com.example.ExamplePassThroughAuthenticationHandler>  \
     --set extension-argument:<argName1=argValue1>  \
     --set extension-argument:<argName2=argValue2>

The third-party pass-through authentication handler supports the following configuration properties.

Property Description

Property	Description
`extension-class`	The fully-qualified name of the Java class that provides the custom pass-through authentication handler implementation. This class must be a subclass of `com.unboundid.directory.sdk.ds.api.PassThroughAuthenticationHandler`.
`extension-argument`	An optional set of name-value pairs that provide arguments needed to configure the custom pass-through authentication handler.

extension-class

The fully-qualified name of the Java class that provides the custom pass-through authentication handler implementation. This class must be a subclass of com.unboundid.directory.sdk.ds.api.PassThroughAuthenticationHandler.

extension-argument

An optional set of name-value pairs that provide arguments needed to configure the custom pass-through authentication handler.

Optional: Set any further configuration needs, as determined by your custom implementation, through the extension-argument property.
After you have configured the third-party pass-through authentication handler, configure a pluggable pass-through authentication plugin instance to use it, using a command similar to the following.

Example:
```
dsconfig create-plugin \
     --plugin-name "Pluggable Pass-Through Authentication" \
     --type pluggable-pass-through-authentication \
     --set enabled:true \
     -- set "pass-through-authentication-handler:<Example Handler>"
```
For more information about the configuration properties for the pluggable pass-through authentication plugin, see Working with pass-through authentication.