Other services
PingFederate offers an account linking service and a pseudonym service to support SAML 2.0 federation deployment needs.
Account linking service
The account linking service stores the association between the external and internal identifiers of an end user when your implementation uses account linking as a service provider (SP) identity-mapping strategy. The default, standalone implementation uses a Java Database Connectivity (JDBC) interface to an embedded database within PingFederate. No information from the embedded database is shared across the cluster. When an identity provider (IdP) connection deployed in a cluster uses account linking, the default implementation will not work properly. In such cases, you must adjust the pointer for cluster use by pointing the service to an external database. For more information, see Define an account-linking data store.
Pseudonym service
The pseudonym service references the method needed by PingFederate to generate or look up a pseudonym for a user. PingFederate uses this service only if your site is acting in an IdP role and produces assertions containing pseudonyms as subject identifiers. The default implementation uses a message digest to produce the value so that no session-state synchronization is required. Developers who want to implement pseudonym handling differently can refer to the Javadoc reference describing PseudonymService
interface for more information.