The tables on this page describe the authentication challenge responses generated by PingAccess, based on its configuration and properties of the request.
An authentication challenge response is an HTTP response sent to a user agent (such as a web browser) by PingAccess, telling the user agent that the corresponding request did not contain a valid authentication token. Some responses also instruct the user agent how to obtain a valid authentication token, for example an HTTP redirect response containing an encoded OIDC authentication request.
When onboarding new applications to PingAccess, the recommended configuration is SPA Support = Enabled, Request Preservation = POST and Fragment, and Fail on Unsupported Content Type = false, regardless of the behavior of the application. This configuration is displayed in the first table.
| PingAccess configuration | | | Request properties | | | Response characteristics | |
|---|---|---|---|---|---|---|---|
| SPA Support¹ | Request Preservation² | Fail on Unsupported Content Type³ | Method | Content Type | Accept Header Field | Response Code | Body Content |
| Enabled | POST, POST and Fragment | Any | GET⁴ | Any | NOT application/json | 401 | HTML |
| Enabled | POST, POST and Fragment | Any | GET⁴ | Any | application/json | 401 | JSON |
| Enabled | POST, POST and Fragment | false | POST | Any | NOT application/json | 401 | HTML |
| Enabled | POST, POST and Fragment | false | POST | Any | application/json | 401 | JSON |

¹ Configured on an application. In the Admin API, the field is spaSupportEnabled. In the UI, the field is SPA Support. See Adding an application for more information about this field.
² Configured on a web session. In the Admin API, the field is requestPreservationType. In the UI, the field is Request Preservation. See Creating web sessions for more information about this field.
³ This option is only available through the Admin API.
⁴ Any non-POST method receives the same response as a GET.

| PingAccess configuration | | | Request properties | | | Response characteristics | |
|---|---|---|---|---|---|---|---|
| SPA Support¹ | Request Preservation² | Fail on Unsupported Content Type³ | Method | Content Type | Accept Header Field | Response Code | Body Content |
| Disabled | None | Any | Any | Any | Any | 302 | None |
| Disabled | POST | Any | GET⁴ | Any | Any | 302 | None |
| Disabled | POST | Any | POST | application/x-www-form-urlencoded | Any | 200 | HTML |
| Disabled | POST | false | POST | NOT application/x-www-form-urlencoded | Any | 302 | None |
| Disabled | POST | true | POST | NOT application/x-www-form-urlencoded | Any | 415 | HTML |
| Disabled | POST and Fragment | Any | GET⁴ | Any | Any | 200 | HTML |
| Disabled | POST and Fragment | Any | POST | application/x-www-form-urlencoded | Any | 200 | HTML |
| Disabled | POST and Fragment | false | POST | NOT application/x-www-form-urlencoded | Any | 302 | None |
| Disabled | POST and Fragment | true | POST | NOT application/x-www-form-urlencoded | Any | 415 | HTML |
| Enabled | None | Any | Any | Any | NOT application/json | 401 | HTML |
| Enabled | None | Any | Any | Any | application/json | 401 | JSON |
| Enabled | POST, POST and Fragment | true | POST | NOT application/x-www-form-urlencoded | NOT application/json | 415 | HTML |
| Enabled | POST, POST and Fragment | true | POST | application/x-www-form-urlencoded | NOT application/json | 401 | HTML |
| Enabled | POST, POST and Fragment | true | POST | Any | application/json | 401 | JSON |
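
The rows of both tables reduce to a short decision function, which is useful for asserting the expected challenge in integration tests of a protected application. This Python sketch is an added example, not PingAccess code. The function names and the header matching (media types compared case-insensitively with parameters ignored, and an Accept header counted as JSON when any listed media type is application/json) are assumptions, because the page does not say how PingAccess parses these headers.

```python
"""Expected PingAccess authentication challenge, derived from the two tables above."""

FORM = "application/x-www-form-urlencoded"
JSON = "application/json"


def media_types(header):
    # Assumption: compare media types case-insensitively and ignore
    # parameters such as ";charset=utf-8" or ";q=0.9".
    return [p.split(";")[0].strip().lower() for p in header.split(",") if p.strip()]


def expected_challenge(spa_enabled, preservation, fail_unsupported,
                       method, content_type="", accept=""):
    """Return (status_code, body_kind) for a request without a valid token.

    preservation is "None", "POST" or "POST and Fragment".
    """
    if preservation not in ("None", "POST", "POST and Fragment"):
        raise ValueError(f"unknown Request Preservation value: {preservation!r}")
    is_post = method.upper() == "POST"  # footnote 4: non-POST behaves like GET
    is_form = FORM in media_types(content_type)
    preserves = preservation != "None"

    if spa_enabled:
        # An Accept of application/json always gets the JSON 401, even when
        # Fail on Unsupported Content Type is true.
        if JSON in media_types(accept):
            return 401, "JSON"
        if preserves and fail_unsupported and is_post and not is_form:
            return 415, "HTML"
        return 401, "HTML"

    if not preserves:
        return 302, None
    if is_post:
        if is_form:
            return 200, "HTML"
        return (415, "HTML") if fail_unsupported else (302, None)
    # Non-POST: per the table, only "POST and Fragment" answers 200 with HTML.
    return (200, "HTML") if preservation == "POST and Fragment" else (302, None)


# Constructed sample requests against the recommended configuration.
RECOMMENDED = dict(spa_enabled=True, preservation="POST and Fragment", fail_unsupported=False)
if __name__ == "__main__":
    print(expected_challenge(method="GET", accept="text/html", **RECOMMENDED))
    print(expected_challenge(method="POST", accept="application/json", **RECOMMENDED))
```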