Configuring the Cluster Node Authentication Selector
The Cluster Node Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on the PingFederate cluster node that is servicing the request in authentication policies.
About this task
For example, this selector allows you to choose whether Integrated Windows Authentication (IWA) is attempted based on the PingFederate cluster node with which a Key Distribution Center (KDC) is associated.
Steps
-
Go to Authentication → Policies → Selectors to open the Selectors window.
-
On the Selectors window, click Create New Instance to start the Create Authentication Selector Instance workflow.
-
On the Type tab, configure the basics of this authentication selector instance.
-
On the Authentication Selector window, select the Field Value on which to branch policy paths. The authentication selector provides a means of choosing authentication sources at runtime based on the cluster node on which it is executing.
- Node Index
-
Select Node Index to use the
pf.cluster.node.index
value specified inrun.properties
. - Node Tag
-
Select Node Tag to use the
node.tags
values specified inrun.properties
.
-
On the Selector Result Values window, specify the relevant node index or node tag values.
Each selector result value forms a policy path when you place this selector instance as a checkpoint in an authentication policy.
-
In the Result Values field, enter a node index or node tag value based on your cluster configuration and click Add. This value should correspond to a node index or node tag of one of the engine nodes in the cluster.
-
Optional: Add more values to differentiate criteria for authentication selection.
Display order does not matter.
Use the Edit, Update, and Cancel workflow to make or undo a change to an existing entry. Click Delete to remove an entry.
-
-
Complete the configuration. On the Summary tab, click Done. On the Selectors window, click Save.