---
title: SDK Developer’s Guide
description: The PingFederate Software Development Kit (SDK) enables integration with identity provider (IdP) and service provider (SP). The SDK allows your application developers and system administrators to build custom implementations for communicating authentication and security information between PingFederate and your enterprise environment.
component: pingfederate
version: 13.1
page_id: pingfederate:sdk_developers_guide:pf_sdk_developers_guide
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/sdk_developers_guide/pf_sdk_developers_guide.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 4, 2023
section_ids:
  possible-customizations: Possible customizations
  adapter-and-sts-token-translator-interfaces: Adapter and STS token-translator interfaces
  authentication-selector-interfaces: Authentication selector interfaces
  custom-data-source-interfaces: Custom data source interfaces
  password-credential-validator-interfaces: Password credential validator interfaces
  identity-store-provisioner-interfaces: Identity store provisioner interfaces
  notification-publisher-interface: Notification publisher interface
  additional-documentation: Additional documentation
---

# SDK Developer's Guide

The PingFederate Software Development Kit (SDK) *(tooltip: \<div class="paragraph">
\<p>A set of tools that allows a developer to build a custom application that integrates with or connects to a platform or service.\</p>
\</div>)* enables integration with identity provider (IdP) *(tooltip: \<div class="paragraph">
\<p>A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\</p>
\</div>)* and service provider (SP) *(tooltip: \<div class="paragraph">
\<p>In SAML, an entity that receives and accepts an authentication assertion issued by an IdP, typically for the purpose of allowing access to a protected resource.\</p>
\</div>)*. The SDK allows your application developers and system administrators to build custom implementations for communicating authentication and security information between PingFederate and your enterprise environment.

You can find details about the SDK interfaces and classes in the [PingFederate Server SDK](https://download.pingidentity.com/public/documentation/pingfederate/13.0/doc/index.html).

## Possible customizations

Extending PingFederate can include:

* Authentication adapters to integrate web applications or identity-management systems.

* Authentication selectors to direct single sign-on (SSO) *(tooltip: \<div class="paragraph">
  \<p>The process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without reauthenticating.\</p>
  \</div>)* authentication to instances of authentication adapters based on specified conditions.

* WS-Trust Security Token Service (STS) *(tooltip: \<div class="paragraph">
  \<p>An entity responsible for responding to WS-Trust requests for validation and issuance of security tokens used for SSO authentication to web services.\</p>
  \</div>)* token translators, including token processors and token generators.

* Custom data source drivers.

* Password credential validators.

* Identity store provisioners.

* Notification publishers.

The PingFederate Java SDK consists of several application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)*, including:

* Adapter and STS token-translator interfaces

* Authentication selector interfaces

* Custom data source interfaces

* Password credential validator interfaces

* Identity store provisioner interfaces

* Notification publisher interface

These interfaces allow you to create your own custom PingFederate plugins to suit your organization's needs. The SDK lets you develop, compile, and deploy custom plugins to PingFederate. The package also contains example plugins for reference. You can find these example plugin projects in the `<pf_install>/sdk/plugin-src` directory.

The PingFederate [Integration overview](../introduction_to_pingfederate/pf_integr_overview.html) describes the pre-built authentication adapters Ping Identity provides for integrating web applications and identity-management systems with PingFederate. Review this document before building your own adapter to see if an available adapter fits your use case.

|   |                                                                                                                                                                                      |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|   | Custom components might not work the same way after upgrading PingFederate. When upgrading, thoroughly retest the behavior of customizations in a non-critical upgraded environment. |

## Adapter and STS token-translator interfaces

The adapter and token-translator APIs let PingFederate integrate with IdPs or SPs. Adapter token-translator APIs are configurable UI plugins that provide required runtime integration and let you render custom configuration windows.

|   |                                                                                                                                                                                                                                                                                      |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|   | Suitable adapter or token-translator implementations for your deployment might already exist. Before developing your own custom solution, you can find available implementations on the [Ping Identity Downloads](https://www.pingidentity.com/en/resources/downloads.html) website. |

## Authentication selector interfaces

Authentication selectors let you choose from multiple authentication sources and direct users to a particular adapter or IdP connection. For example, an authentication selector can map internal corporate users to use one adapter and map external non-corporate users to a different adapter. Authentication selectors are configurable UI plugins that let you render custom configuration windows.

## Custom data source interfaces

The custom data source API is a set of Java interfaces that let PingFederate integrate with datastores not covered by existing Java database connectivity (JDBC) *(tooltip: \<div class="paragraph">
\<p>A Java API that allows Java programs to interact with databases.\</p>
\</div>)* or Lightweight Directory Access Protocol (LDAP) *(tooltip: \<div class="paragraph">
\<p>An open, cross platform protocol used for interacting with directory services.\</p>
\</div>)* drivers. This lets you retrieve attributes from your choice of data source during attribute fulfillment. Custom data source interfaces are configurable UI plugins that let you render custom configuration windows.

## Password credential validator interfaces

The password credential validator interfaces let you define credential validators that verify a given username and password in various contexts throughout the system. For example, you can use credential validators to configure OAuth *(tooltip: \<div class="paragraph">
\<p>A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.\</p>
\</div>)* Resource Owner authorization grants and the HTML Form Adapter.

## Identity store provisioner interfaces

Identity store provisioners let you provision and deprovision users to external user stores. For example, you can configure a custom identity store provisioner within an inbound provisioning IdP connection to provision users using the System for Cross-domain Identity Management (SCIM) *(tooltip: \<div class="paragraph">
\<p>An application-level, HTTP-based protocol for provisioning and managing user identity information. SCIM supplies a common schema for representing users and groups and provides a REST API.\</p>
\</div>)* protocol. Identity store provisioners are configurable UI plugins that let you render custom configuration windows.

## Notification publisher interface

PingFederate delivers messages to administrators and end users based on notification publisher settings. You can implement custom notification publishers using the `NotificationPublisherPlugin` interface.

## Additional documentation

* Javadocs provide detailed reference information. You can find the Javadocs in the `<pf_install>/pingfederate/sdk/doc` directory.

* The user guides for Java, .NET, and PHP integration kits show examples of SDK implementations.