Developing password credential validators
Password credential validators allow PingFederate administrators to define a centralized location for username/password validation, allowing PingFederate configurations to reference validator instances.
To implement a custom password credential validator, import the following Java packages:
-
org.sourceid.saml20.adapter.gui
-
org.sourceid.saml20.adapter.conf
-
org.sourceid.util.log
-
com.pingidentity.sdk
-
com.pingidentity.sdk.password
For each implementation, in addition to the methods described under Shared plugin interfaces, you must define the following method.
AttributeMap processPasswordCredential(String username, String password) throws PasswordValidationException
This method takes a username and password and verifies the credential against an external source. If the credentials are valid, it returns an AttributeMap containing at least one entry representing the principal. If the credentials are invalid, then it returns null
or an empty map. If the plugin was unable to validate the credentials (for example, due to an offline host or network problems), it returns a PasswordValidationException
.
To enable password changes in a password credential validator, implement the com.pingidentity.sdk.password.ChangeablePasswordCredential
interface.
To enable password resets in a password credential validator, implement the com.pingidentity.sdk.password.ResettablePasswordCredential
interface.
Depending on your password management system, you might need additional system configuration to enable password changes. For example, you can change passwords in Active Directory only if LDAPS is enabled. |