PingFederate Server

SDK Developer’s Guide

The PingFederate Software Development Kit (SDK) enables integration with identity provider (IdP) and service provider (SP). The SDK allows your application developers and system administrators to build custom implementations for communicating authentication and security information between PingFederate and your enterprise environment.

You can find details about the SDK interfaces and classes in the PingFederate Server SDK.

Possible customizations

Extending PingFederate can include:

  • Authentication adapters to integrate web applications or identity-management systems.

  • Authentication selectors to direct single sign-on (SSO) authentication to instances of authentication adapters based on specified conditions.

  • WS-Trust Security Token Service (STS) token translators, including token processors and token generators.

  • Custom data source drivers.

  • Password credential validators.

  • Identity store provisioners.

  • Notification publishers.

The PingFederate Java SDK consists of several application programming interface (API), including:

  • Adapter and STS token-translator interfaces

  • Authentication selector interfaces

  • Custom data source interfaces

  • Password credential validator interfaces

  • Identity store provisioner interfaces

  • Notification publisher interface

These interfaces allow you to create your own custom PingFederate plugins to suit your organization’s needs. The SDK lets you develop, compile, and deploy custom plugins to PingFederate. The package also contains example plugins for reference. You can find these example plugin projects in the <pf_install>/sdk/plugin-src directory.

The PingFederate Integration overview describes the pre-built authentication adapters Ping Identity provides for integrating web applications and identity-management systems with PingFederate. Review this document before building your own adapter to see if an available adapter fits your use case.

Custom components might not work the same way after upgrading PingFederate. When upgrading, thoroughly retest the behavior of customizations in a non-critical upgraded environment.

Adapter and STS token-translator interfaces

The adapter and token-translator APIs let PingFederate integrate with IdPs or SPs. Adapter token-translator APIs are configurable UI plugins that provide required runtime integration and let you render custom configuration windows.

Suitable adapter or token-translator implementations for your deployment might already exist. Before developing your own custom solution, you can find available implementations on the Ping Identity Downloads website.

Authentication selector interfaces

Authentication selectors let you choose from multiple authentication sources and direct users to a particular adapter or IdP connection. For example, an authentication selector can map internal corporate users to use one adapter and map external non-corporate users to a different adapter. Authentication selectors are configurable UI plugins that let you render custom configuration windows.

Custom data source interfaces

The custom data source API is a set of Java interfaces that let PingFederate integrate with datastores not covered by existing glosary:gJDBC[] or glosary:gLDAP[] drivers. This lets you retrieve attributes from your choice of data source during attribute fulfillment. Custom data source interfaces are configurable UI plugins that let you render custom configuration windows.

Password credential validator interfaces

The password credential validator interfaces let you define credential validators that verify a given username and password in various contexts throughout the system. For example, you can use credential validators to configure OAuth Resource Owner authorization grants and the HTML Form Adapter.

Identity store provisioner interfaces

Identity store provisioners let you provision and deprovision users to external user stores. For example, you can configure a custom identity store provisioner within an inbound provisioning IdP connection to provision users using the System for Cross-domain Identity Management (SCIM) protocol. Identity store provisioners are configurable UI plugins that let you render custom configuration windows.

Notification publisher interface

PingFederate delivers messages to administrators and end users based on notification publisher settings. You can implement custom notification publishers using the NotificationPublisherPlugin interface.

Additional documentation

  • Javadocs provide detailed reference information. You can find the Javadocs in the <pf_install>/pingfederate/sdk/doc directory.

  • The user guides for Java, .NET, and PHP integration kits show examples of SDK implementations.