Hierarchical plugin configurations
PingFederate allows you to use a configuration of an adapter along with other PingFederate plugins as a parent instance for any created child instances.
After this, you can then modify the inherited configuration for child instances as needed. This feature provides easier management of adapter settings in cases where only small changes to an existing adapter or plugin configuration need to be made for a particular use case.
For example, different service provider (SP)-connection adapter instances might have their own identity provider (IdP) sign-on URLs, for branding or other application ownership reasons, while the majority of the other adapter configuration settings are the same. In this case, you might want to use a parent/child configuration to override the logon URLs.
Override adapter instances as part of mapping them into either SPor IdP connections for cases where overridden settings apply only to one particular connection configuration. |
Any changes to a parent configuration propagate to its child or connection-based configurations so long as the derived instance has not overridden the changes.
In addition to adapters, PingFederate allows you to create parent/child configurations for the following plugin types:
-
Token Translators (see Token processors and generators)
-
Access Token Management instances (see Access token management)
-
Password Credential Validators (see Password Credential Validators)
-
Identity Store Provisioners (see Configuring Identity Store Provisioners)