--- title: Configuring the HTTP Request Parameter Authentication Selector description: The HTTP Request Parameter Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on query parameter values. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:pf_configuring_http_request_parameter_authentication_selector canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_configuring_http_request_parameter_authentication_selector.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 8, 2024 section_ids: about-this-task: About this task steps: Steps example: Example --- # Configuring the HTTP Request Parameter Authentication Selector The HTTP Request Parameter Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on query parameter values. ## About this task Use this selector in one or more authentication policies to choose from authentication sources that share a similar level of assurance, such as among multiple instances of the HTML Form Adapter or between a Kerberos Adapter instance and an X.509 Adapter instance. For example, use an instance of this selector to choose an authentication experience based on the reward program information indicated by a query parameter in the single sign-on (SSO) request. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Do not use this selector to determine whether an authentication source with a higher level of assurance should be bypassed because query parameters could potentially be forged. | ## Steps 1. Go to **Authentication > Policies > Selectors** to open the **Selectors** window. 2. On the **Selectors** window, click **Create New Instance** to start the **Create Authentication Selector Instance** workflow. 3. On the **Type** tab, configure the basics of this authentication selector instance. 4. On the **Authentication Selector** tab, configure the applicable selector instance settings. 1. Enter the exact, case-sensitive name of the request parameter in the **HTTP Request Parameter Name** field. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The policy engine is capable of tracking HTTP request parameters that it receives from the initial request and making them available to selector instances throughout the policy. If you plan on using this selector instance as the second, or subsequent, checkpoint in at least one authentication policy, add the **HTTP Request Parameter Name** value on the **Tracked HTTP Parameters** window. For more information, see [Defining authentication policies](pf_defining_auth_policies.html). | 2. (Optional) To disable case-sensitive matching between the HTTP request parameter values from the requests and the **Match Expression** values specified on the **Selector Result Values** window, clear the **Case-Sensitive Matching** checkbox. | | | | - | ---------------------------------------------------------------- | | | The **Case-Sensitive Matching** checkbox is selected by default. | 3. (Optional) Enable policy paths to handle additional scenarios. For more information, see the following table. | Field | Description | | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Enable 'Any' Result Value | Each configured selector result value forms a separate authentication policy path.Select this checkbox if you want to enable a single policy path for the scenario where the HTTP request parameter value matches any one of the configured selector result values.This checkbox is not selected by default. | | Enable 'No Match' Result Value | Selector evaluation fails and the next applicable authentication policy is executed when the HTTP request parameter value does not match any of the configured selector result values.Select this checkbox if you want to enable a policy path to handle this scenario.This checkbox is not selected by default. | | Enable 'Not in Request' Result Value | Selector evaluation fails and the next applicable authentication policy is executed if the HTTP request parameter is not found.Select this checkbox if you want to enable a policy path to handle this scenario.This checkbox is not selected by default. | 5. On the **Selector Result Values** window, enter a request parameter value under **Result value**, and then click **Add**. | | | | - | ------------------------------------------------ | | | Wildcard entries are allowed, such as `*value*`. | | | | | - | ------------------------------------------------------------------------------ | | | A more specific match is a better match, and an exact match is the best match. | 6. (Optional) Repeat the previous step to add more request parameter values. Display order does not matter. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you have not enabled the **Any** policy path in [step 4c](#step-4-c), each selector result value forms a policy path when you place this selector instance as a checkpoint in an authentication policy.If you have enabled the **Any** policy path, only one policy path is formed.Use the **Edit**, **Update**, and **Cancel** workflow to make or undo a change to an existing entry. Click **Delete** to remove an entry. | 7. Complete the configuration. 1. On the **Summary** tab, click **Done**. 2. On the **Selectors** window, click **Save**. ## Example Example Suppose you enter three selector result values, `Central`, `Eastern`, and `Southern`, on the **Selector Result Values** window, as illustrated in the following screen capture. ![A screen capture illustrating three result values: Central, Eastern, and Southern.](_images/chw1564003294824.png) If you have not enabled any additional policy paths in [step 4c](#step-4-c), as you place this selector instance as a checkpoint in an authentication policy, three policy paths are extended from the selector instance, one for each of the configured selector result values. ![A screen capture illustrating three policy paths.](_images/sfm1564003295400.png)