Note:

This procedure does not go into detail about creating a flow. See the other use cases for additional information about creating specific flows. The preparation steps apply regardless of the purpose of your flow.

This implementation method launches the flow in a new page. The user is redirected to the flow, which replaces the previous page and uses a DaVinci URL.

This implementation method is simple and does not require the addition of a widget to the page. It's also well-suited for any type of flow. Because the flow takes the entire page, you must design the flow to match your own branding and style.

Depending on the purpose of the flow, you might want to include a token connector, which directs PingOne to mint a token for the user.

You can reference information from PingOne in your flow. The format for this information is global.skOpenId.p1Oidc.<request object hierarchy>, where the hierarchy is taken from the request object schema.

The full request object schema for OIDC is:

   "p1Oidc": {
     "id": "<ID value>",
     "environment": {
       "id": "<environment ID value>"
     },
     "application": {
       "id": "<application ID value>"
     },
     "user": {
       "id": "<user ID value>"
     },
     "request": {
       "http": {
         "remoteIp": "<remote IP value>",
         "userAgent": "<user agent information>",
         "headers": {
           "Accept-Language": [
             "<language value>"
           ]
         }
       },
       "oidc": {
         "responseTypes": [
           "<response type>"
         ],
         "acrValues": [
           "<acr value>"
         ],
         "scopes": [
           "<scope value>"
         ],
         "parameters": {
           <One or more parameter-value pairs>

The full request object schema for SAML is:

“p1Oidc”: {
        “id”: “<ID value>”,
        “environment”: {
            “id”: “<environment ID value>"
        },
        “application”: {
            “id”: “<application ID value>”
        },
        “request”: {
            “http”: {
                “remoteIp”: “<remote IP value>”,
                “userAgent”: “<user agent information>”
            },
            “saml”: {
                “environmentId”: “<environment ID value>",
                “urlContext”: {
                    “environmentId”: “<environment ID value>”,
                    “customDomainHost”: "<custom domain host value>,
                    “hostUrl”: “<host URL value>”,
                    “authHostUrl”: “<URL value>”,
                    “idpEntityId”: “<IDP entity ID value>”,
                    “internalIdpEntityId”: “<internal IDP entity ID value>”,
                    “flowHeaders”: {
                        “X-Forwarded-Host”: “<host value>”
                    },
                    “host”: “<host name>”,
                    “customDomain”: <domain value>
                },
                “ssoInitialized”: <value>,
                “requestBinding”: <value>,
                “requestSigned”: <value>,
                “ssoRequest”: {
                    “requestId”: <ID value>,
                    “version”: <value>,
                    “issueInstant”: <value>,
                    “destination”: <value>,
                    “consent”: <value>,
                    “spEntityId”: “<security ID value>”,
                    “forceAuthn”: <value>,
                    “passive”: <value>,
                    “acsUrl”: “<value>”,
                    “acsBinding”: “<value>”,
                    “subject”: <value>,
                    “signed”: <value>,
                    “authnContextRef”: <value>
                },
                “application”: {
                    “id”: “<ID value>”,
                    “name”: “<name value>”,
                    “protocol”: “<value>”,
                    “enabled”: <value>,
                    “spEntityId”: “<value>”,
                    “acsBinding”: “<value>”,
                    “acsUrls”: [“<value>”],
                    “assertionDuration”: <value>,
                    “sloBinding”: “<value>”,
                    “assertionSigned”: <value>,
                    “responseSigned”: <value>,
                    “environment”: {
                        “id”: “<value>"
                    }
                },
                “user”: <user name value>,
                “relayState”: <value>,
                “idpIssuer”: “<issuer value>”,
                “attributes”: <value>
            }
        }
    }
}

For example, the following code references the remote IP:

global.skOpenId.p1Oidc.request.http.remoteIp
Note:

Any property you reference must be included by the configured scopes, as described in the Configuring an external IDP section.