--- title: Configuring the HTTP Header Authentication Selector description: The HTTP Header Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on a match found in a specified HTTP header. component: pingfederate version: 13.0 page_id: pingfederate:administrators_reference_guide:pf_config_http_header_auth_selector canonical_url: https://docs.pingidentity.com/pingfederate/13.0/administrators_reference_guide/pf_config_http_header_auth_selector.html revdate: March 20, 2025 section_ids: about-this-task: About this task steps: Steps result: Result example: Example --- # Configuring the HTTP Header Authentication Selector The HTTP Header Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on a match found in a specified HTTP header. ## About this task Use this selector in one or more authentication policies to choose from authentication sources that share a similar level of assurance, such as among multiple HTML Form Adapters or between a Kerberos Adapter and an X.509 Adapter. For example, use this selector to choose an authentication source based on the user's browser identified by the `User-Agent` HTTP header. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Don't use this selector to determine whether an authentication source with a higher level of assurance should be bypassed because HTTP request headers could potentially be forged. | ## Steps 1. Go to **Authentication > Policies > Selectors** to open the **Selectors** window. 2. On the **Selectors** window, click **Create New Instance** to start the **Create Authentication Selector Instance** workflow. 3. On the **Type** tab, configure the basics of this authentication selector instance. 4. On the **Authentication Selector** tab, click **Add a new row to 'Results'**. 5. Enter an expression for use when inspecting the HTTP header value of the target HTTP header under **Match Expression**, and click **Update**. | | | | - | ------------------------------------------------ | | | Wildcard entries are allowed, such as `*value*`. | 6. (Optional) Repeat the previous step to add more expressions. Display order does not matter. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Click **Edit**, **Update**, or **Cancel** to make or undo a change to an existing entry. Click **Delete** or **Undelete** to remove an existing entry or cancel the removal request. | 7. In the **Header Name** field, enter the type of HTTP header you want the selector to inspect. This field isn't case-sensitive. 8. (Optional) To disable case-sensitive matching between the HTTP header values from the requests and the **Match Expression** values specified on this window, clear the **Case-Sensitive Matching** checkbox. The **Case-Sensitive Matching** checkbox is selected by default. 9. Complete the configuration. On the **Summary** tab, click **Done**. On the **Selectors** window, click **Save**. ## Result When you place this selector instance as a checkpoint in an authentication policy, it forms two policy paths: **Yes** and **No**. If the value of the specified HTTP header matches one of the configured values, the selector returns true. The policy engine regains control of the request and proceeds with the policy path configured for the result value of **Yes**. If the value of the specified HTTP header matches none of the configured values, the selector returns false. The policy engine regains control of the request and proceeds with the policy path configured for the result value of **No**. ## Example To detect the most common browsers based on the `User-Agent` HTTP request header, configure an HTTP Header Authentication Selector instance as follows. 1. Enter these entries under **Match Expression**. | Browser | Expression | | ------- | ----------- | | Chrome | `*Chrome*` | | Firefox | `*Firefox*` | | Safari | `*Safari*` | 2. In the **Header Name** field, enter `User-Agent`.