Configuring pass-through authentication to custom services
The PingDirectory server provides support for passing through LDAP simple bind attempts to an external service for authentication processing, either instead of or in addition to the processing that it typically performs against the locally stored data. Use the Server SDK to implement support for custom pass-through authentication handlers for interacting with other types of external services.
About this task
To create a custom pass-through authentication handler, use the Server SDK. To configure your pass-through handler in the server:
Steps
-
Create an instance of a third-party pass-through authentication handler and set its
extension-class
property by running a command similar to the following.Example:
dsconfig create-pass-through-authentication-handler \ --handler-name "<Example Handler>" \ --type third-party \ --set extension-class:<com.example.ExamplePassThroughAuthenticationHandler> \ --set extension-argument:<argName1=argValue1> \ --set extension-argument:<argName2=argValue2>
The third-party pass-through authentication handler supports the following configuration properties.
Property Description extension-class
The fully-qualified name of the Java class that provides the custom pass-through authentication handler implementation. This class must be a subclass of
com.unboundid.directory.sdk.ds.api.PassThroughAuthenticationHandler
.extension-argument
An optional set of name-value pairs that provide arguments needed to configure the custom pass-through authentication handler.
-
Optional: Set any further configuration needs, as determined by your custom implementation, through the
extension-argument
property. -
After you have configured the third-party pass-through authentication handler, configure a pluggable pass-through authentication plugin instance to use it, using a command similar to the following.
Example:
dsconfig create-plugin \ --plugin-name "Pluggable Pass-Through Authentication" \ --type pluggable-pass-through-authentication \ --set enabled:true \ -- set "pass-through-authentication-handler:<Example Handler>"
For more information about the configuration properties for the pluggable pass-through authentication plugin, see Working with pass-through authentication.