Configuring the Connection Set Authentication Selector
The Connection Set Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on a match found between the target service provider (SP) connection used in a single sign-on (SSO) request and SP connections configured within PingFederate.
About this task
This selector allows you to override connection authentication selection on an individual connection basis in one or more authentication policies.
Steps
-
Go to Authentication → Policies → Selectors to open the Selectors window.
-
On the Selectors window, click Create New Instance to start the Create Authentication Selector Instance workflow.
-
On the Type tab, configure the basics of this authentication selector instance.
-
From the Type list, make sure you select Connection Set Authentication Selector.
-
Click Next. In the Authentication Selector window, click Add a new row to 'Connections'.
-
From the Connection list, select an SP connection and click Update.
-
Optional: Repeat the previous step to add more connections. Display order does not matter.
Click Edit, Update, or Cancel to make or undo a change to an existing entry. Click Delete or Undelete to remove an existing entry or cancel the removal request.
-
Complete the configuration. On the Summary tab, click Done. On the Selectors window, click Save.
Result
When you place this selector instance as a checkpoint in an authentication policy, it forms two Yes and No policy paths. If the invoking SP connection matches one of the connections from the set, the selector returns true. The policy engine regains control of the request and proceeds with the policy path configured for the result value of Yes. If the invoking SP connection matches none of the connections from the set, the selector returns false. The policy engine regains control of the request and proceeds with the policy path configured for the result value of No.