As the number of internal and external users grows and more enterprise resources become available online, you must ensure that qualified users can access only the applications they have permission to use. A Web Access Management (WAM) environment provides authentication and policy-based access management while integrating with existing infrastructure.

The PingAccess agent plugin is installed on the web server that hosts the protected web-based applications and is configured to communicate with a PingAccess server that is also deployed on the network. To protect a web application resource, the agent performs the following actions:

  • Intercepts inbound requests to web applications
  • Sends agent requests to the PingAccess policy server, including the request information that the policy server needs
  • Receives agent responses from the policy server and follows their instructions: it modifies the request as specified and allows the request to proceed to the target resource
  • Intercepts responses from the application and modifies response headers as instructed by the policy server in the initial agent request exchange
  • Relays responses on to the browsers

The PingAccess policy server listens for agent requests and performs the following actions:

  • Evaluates application and resource-level policies and validates the tokens in conjunction with an OpenID Connect (OIDC) Policy configured within PingFederate
  • Acquires the appropriate HTTP request header configuration from the associated identity mappings
  • Sends an agent response with instructions on whether to allow the request and how to modify the client request headers
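The exchange described in the two lists above can be modeled in a few lines. This is an added illustration, not PingAccess code or its agent protocol: the token store, policy table, header names (`Session-Token`, `X-Remote-User`), the default-deny rule for unmatched paths and all function names are assumptions constructed for the example.

```python
# Illustrative model only; all names and data are constructed, not PingAccess APIs.
from dataclasses import dataclass, field

TOKENS = {"tok-alice": {"sub": "alice", "groups": ["hr"]}}  # constructed valid tokens
POLICY = {"/hr/": "hr", "/finance/": "finance"}              # path prefix -> group
IDENTITY_MAPPING = {"X-Remote-User": "sub"}                  # header -> attribute

@dataclass
class AgentResponse:
    allow: bool
    set_request_headers: dict = field(default_factory=dict)
    set_response_headers: dict = field(default_factory=dict)

def policy_server(agent_request):
    """Validate the token, evaluate resource policy, build header instructions."""
    identity = TOKENS.get(agent_request["token"])
    required = next((group for prefix, group in POLICY.items()
                     if agent_request["path"].startswith(prefix)), None)
    # Assumption of this model: unknown token or unmatched path is denied.
    if identity is None or required is None or required not in identity["groups"]:
        return AgentResponse(allow=False)
    mapped = {name: identity[attr] for name, attr in IDENTITY_MAPPING.items()}
    return AgentResponse(True, mapped, {"Cache-Control": "no-store"})

def agent_handle(request, application):
    """Intercept the request, ask the policy server, apply its instructions."""
    decision = policy_server({"path": request["path"],
                              "token": request["headers"].get("Session-Token")})
    if not decision.allow:
        return {"status": 403, "headers": {}, "body": ""}
    # Drop any client-supplied copy of a mapped header (case-insensitive) so the
    # application only ever sees the value the policy server instructed.
    mapped_names = {name.lower() for name in decision.set_request_headers}
    headers = {k: v for k, v in request["headers"].items()
               if k.lower() not in mapped_names}
    headers.update(decision.set_request_headers)
    response = application({"path": request["path"], "headers": headers})
    response["headers"].update(decision.set_response_headers)
    return response

def sample_app(request):
    """Constructed protected application that trusts the mapped identity header."""
    return {"status": 200, "headers": {},
            "body": "hello " + request["headers"]["X-Remote-User"]}
```

The point to verify in a real deployment is the same one the model enforces: the application should receive identity headers only as set through the agent, never as sent by the client.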

The following sections describe sample proof of concept and production architectures for a WAM use case deployment: