PingFederate Server

Event types and variables

This lists the various event types and their respective keys (variables) used within the PingFederate Amazon SNS notification publisher instance configuration.

Message payload

As a publisher, PingFederate creates notification messages in JSON format and sends them to the configured topic. This JSON message body contains two top-level keys: data and configuration, as illustrated in the following snippet.

{
  "data": {
    "USERNAME": "jdoe",
    ...
  },
  "configuration": {
    "com.pingidentity.notification.config.locale": "en-US",
    ...
    "com.pingidentity.notification.config.event.type": "ADMIN_PASSWORD_CHANGED"
  }
}

For all events, PingFederate provides relevant information by including various key:value pairs in the message body, located inside the value of the data key.

The value of the com.pingidentity.notification.config.event.type key, located inside the value of the configuration key, indicates the event type. In this example, the event type is ADMIN_PASSWORD_CHANGED.

For end user-oriented events, the value of the com.pingidentity.notification.config.locale key, also located inside the value of the configuration key, indicates the locale of the end user who initiates the request.

Review the following sections for more information on event types and their respective keys, which are referred to as variables.

Events for administrators

Local administrative account management events
Event type Variables

ADMIN_ACCOUNT_CHANGE_NOTIFICATION_OFF

  • USERNAME represents the username of the local administrative account who has turned off the Notify Administrator of Account Changes option.

  • RECEIVER represents the email addresses of all the local administrative accounts configured with an email address.

  • NOTIFY represents the Notify Administrator of Account Change option on the Administrative Accounts window.

  • CURRENT_USER_MESSAGE represents the username of the administrator who initiated the change.

Unless otherwise noted, the rest of the variables in the Administrative Accounts section are either self-explanatory or identical to those mentioned here.

ADMIN_EMAIL_CHANGED

  • USERNAME

  • RECEIVER

  • DEPARTMENT

  • DESCRIPTION

  • PHONE_NUMBER

  • CURRENT_USER_MESSAGE

PingFederate sends two messages for this event type. Variables and their values remain the same, except for the RECEIVER value. They are intended to notify the end user at both the previous email address and the new email address.

ADMIN_PASSWORD_CHANGED

  • USERNAME

  • RECEIVER

  • DEPARTMENT

  • DESCRIPTION

  • PHONE_NUMBER

  • CURRENT_USER_MESSAGE

Certificate, SAML metadata update, and licensing events
Event type Variables

CERTIFICATE_EVENT_ACTIVATED and CERTIFICATE_EVENT_CREATED

  • SERIAL_NUMBER

  • SUBJECT_DN

  • EX_DATE

  • PENDING_CERT_SERIAL_NUM

  • PENDING_EX_DATE

  • ACTIVE_CONNECTIONS represents the connections impacted by the creation of the pending certificate and the activation of it.

  • ACTIVATION_DATE

CERTIFICATE_EVENT_EXPIRED,CERTIFICATE_EVENT_FINAL_WARN, and CERTIFICATE_EVENT_INITIAL_WARN

  • SERIAL_NUMBER

  • SUBJECT_DN

  • EX_DATE

  • EX_TYPE

  • CONN_NAME represents the connection impacted by any of the three certificate expiration events.

  • DAYS_LEFT

  • ACTION

SAML_METADATA_UPDATE_EVENT_ENTITY_ID_NOT_FOUND

  • ENTITY_ID

  • CONNECTION_NAME

  • METADATA_URL

  • METADATA_URL_NAME

SAML_METADATA_UPDATE_EVENT_FAILED

  • METADATA_URL

  • METADATA_URL_NAME

SAML_METADATA_UPDATE_EVENT_UPDATED

  • ENTITY_ID

  • CONNECTION_NAME

  • METADATA_URL

  • UPDATED represents any updated connection settings.

  • OUT_OF_SYNC represents any out-of-sync connection settings.

SERVER_LICENSING_EVENT_WARNING, SERVER_LICENSING_EVENT_EXPIRED, and SERVER_LICENSING_EVENT_SHUTDOWN

  • EX_DATE

  • DAYS_LEFT

Events for end users

Self-service password management, account recovery, and username recovery
Event type Variables

ACCOUNT_UNLOCKED

  • USERNAME represents the user name of the end user where the request is made.

  • RECEIVER represents the email address of the end user where the request is made.

  • ADAPTER_ID represents the Instance ID of the invoking HTML Form Adapter instance.

  • PCV_ID represents the Instance ID of the Password Credential Validator (PCV) instance involved.

Unless otherwise noted, the rest of the variables in the HTML Form Adapter instances section are either self-explanatory or identical to those mentioned here.

PASSWORD_CHANGED

  • GIVEN_NAME

  • USERNAME

  • RECEIVER

  • ADAPTER_ID

  • PCV_ID

PASSWORD_RESET

  • USERNAME

  • RECEIVER

  • ADAPTER_ID

  • PCV_ID

  • STATUS

PASSWORD_RESET_FAILED

  • USERNAME

  • RECEIVER

  • ADAPTER_ID

  • PCV_ID

PASSWORD_RESET_ONE_TIME_CODE and PASSWORD_RESET_ONE_TIME_LINK

  • USERNAME

  • RECEIVER

  • ADAPTER_ID

  • PCV_ID

  • CODE represents the one-time code or hyperlink that the end user can use to reset the password associated with the account.

USERNAME_RECOVERY

  • USERNAME

  • RECEIVER

  • ADAPTER_ID

  • PCV_ID

  • DISPLAY_NAME

Customer IAM email ownership verification
Event type Variables

OWNERSHIP_VERIFICATION_ONE_TIME_LINK

  • USERNAME represents the user name of the end user who should receive an email ownership verification request.

  • RECEIVER represents the email address to which the email ownership verification request is sent.

  • CODE represents the one-time hyperlink that the end user can use to verify the ownership of the email address associated with the account.