Field Description
Client Auth Port

The port that PingFederate uses to validate client certificates. Enter the port number that you chose in Deploying the integration files.

This field is blank by default.

Client Auth Hostname

The PingFederate hostname that is configured to use client-certificate authentication.

This feature requires PingFederate 8.2 or later.

This field is blank by default.

Parse Client Cert Subject and Issuer DNs

When enabled, the subject and issuer distinguished names (DN) in the client certificate are treated as separate attributes. This allows you to do the following:
  • Add subject or issuer DN attributes, such as CN or UID, to the adapter's extended contract.
  • Use the subject DN email attribute in the adapter's core contract.
  • Use Object-Graph Navigation Language (OGNL) expressions to extract other information from the X.509 certificate, as shown in Sample OGNL expressions.

This check box is selected by default.

Match Issuer DN In Client Cert Subject And Issuer DNs

Determines how PingFederate validates the issuer distinguished name (DN) for the client certificate.

When selected, the issuer DN is matched against the entries that are defined in the Constrain Acceptable Root Issuers section.

When cleared, the issuer DN is matched against the default top-level certificate in the chain that is presented by the client.

This check box is cleared by default.
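
The attribute split that Parse Client Cert Subject and Issuer DNs describes can be pictured with the following added example, which is not PingFederate code or part of the original documentation: a standard-library Python parser for an RFC 4514 DN string that honors escaped separators, next to a comma-split shortcut that misreads the same subject. The sample DN and all function names are constructed for illustration.

```python
HEX = "0123456789abcdefABCDEF"

def parse_dn(dn):
    """Return [(attr_type, value), ...] for an RFC 4514 DN string, in order."""
    attrs, key, buf, i = [], None, bytearray(), 0

    def flush():
        nonlocal key, buf
        if key is None:
            raise ValueError("RDN component without '='")
        attrs.append((key.upper(), buf.decode("utf-8")))
        key, buf = None, bytearray()

    while i < len(dn):
        c = dn[i]
        if c == "\\":                       # escape: \XX hex pair or \<char>
            if i + 1 >= len(dn):
                raise ValueError("dangling escape")
            if dn[i + 1] in HEX and i + 2 < len(dn) and dn[i + 2] in HEX:
                buf.append(int(dn[i + 1:i + 3], 16))
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")
                i += 2
            continue
        if c == "=" and key is None:        # first '=' ends the attribute type
            key, buf = buf.decode("utf-8").strip(), bytearray()
        elif c in ",+":                     # unescaped RDN / multi-value separator
            flush()
        else:
            buf += c.encode("utf-8")
        i += 1
    flush()
    return attrs

def first(attrs, name):
    """First value for an attribute type such as CN or UID, or None."""
    return next((v for k, v in attrs if k == name.upper()), None)

def naive_cn(dn):
    """Shortcut shown for comparison only: splits on every comma."""
    parts = dict(p.strip().split("=", 1) for p in dn.split(",") if "=" in p)
    return parts.get("CN")

# Constructed subject DN: the CN and OU values contain escaped commas.
SUBJECT = r"CN=Doe\, Jane,UID=jdoe,OU=Staff\,CN=admin,O=Example Corp"

if __name__ == "__main__":
    print(parse_dn(SUBJECT))
    print("CN:", first(parse_dn(SUBJECT), "CN"), "| naive CN:", naive_cn(SUBJECT))
```

Any rule that maps CN or UID to an identity should operate on attributes parsed this way, since the comma-split version reports a CN that the certificate subject does not carry.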

Field Description
Return Success On SLO

When enabled, a "success" message is sent in response when the adapter receives a single logout (SLO) request.

SLO is not supported by this adapter and the user session is not terminated. This feature only prevents other sites from experiencing an SLO failure.

For details, see Known issues and limitations.

This check box is selected by default.

Authentication Context

The value used to populate the "Authentication Context" field in the SAML token that PingFederate sends after validating the X.509 certificate.

  • Default - Sets the value to "TLSClient".
  • Policy OID - Sets the value to the identifier for the policy.
  • Custom - Sets the value to what you enter in the Custom Authentication Context field.

Custom Authentication Context

The value used to populate the "Authentication Context" field in the SAML token. Applies when Authentication Context is set to Custom.

This field is blank by default.

Include Subject Alternative Name (SAN)

When enabled, the adapter includes the following decoded SAN attributes from the X.509 certificate and makes them available in the attribute contract:
  • userPrincipalName
  • RFC822Name
  • fascn_sen
  • fascn_wo_sen
  • fascn_hex

This check box is cleared by default.