Configuring an authentication policy
To use PingID as an authentication solution for Windows login with PingFederate, create an authentication policy contract and an authentication policy in PingFederate.
About this task
Steps
-
In PingFederate, create an authentication policy contract:.
For more information, see Policy Contracts.
-
Go to Policy Contracts:
-
PingFederate 10.1 or later: Go to Authentication → Policies → Policy Contracts.
-
PingFederate 10 or earlier: On the Identity Provider tab, in the Authentication Policies section, click Policy Contracts.
-
-
Click Create New Contract.
-
In theContract Name field, enter a meaningful name for the Windows login policy contract, and click Next.
-
In the Contract Attributes tab, for each attribute you want to add, in theExtend the Contract area, type the name of the attribute and then click Add. The subject, and winlogin.auth.response, attributes must be included.
-
Click Next, and then click Save.
-
-
Create a PingFederate authentication policy for Windows login authentication:
For more information, see Policies.
-
Go to Authentication Policies:
-
PingFederate 10.1 or later: Go to Authentication → Policies.
-
PingFederate 10 or earlier: On the Identity Provider tab, in the Authentication Policies section, click Policies.
-
-
In the Policies tab:
-
ensure theIdP Authentication Policies check box is selected, and then click Add Policy.
-
In the Name field, enter a meaningful name for the Windows login authentication policy.
-
From the Policy list, select IdP Adapters and then select the PingID Adapter instance for Windows that you created earlier. A branch is added to the PingFederate policy tree, and Fail and Success fields are added.
-
In the FAIL field, click Done.
-
In the Success field, select Policy Contract and then select the policy contract you created earlier.
-
Under the PingID Adapter Success field, click Contract Mapping, and then click Next.
-
In the Contract Fulfillment tab:
-
In the Adapter Contract subject row, in the Source field, select the PingID Adapter you created for Windows login, and in the Value field, select subject.
-
In the winlogin.auth.response row, in the Source field select the PingID Adapter you created for Windows login, and in the Value field, select winlogin.auth.response.
-
Click Next, and in the Issuance Criteria tab, click Next.
-
In the Summary tab, click Done.
-
-
In the Policy window, click Done.
Result:
The PingFederate authentication policy is saved.
-