Applications represent the protected web applications and APIs that receive client requests.
Applications consist of one or more resources, have a common virtual host and context root, and correspond to a single target site. Applications use a common web session and identity mapping. Apply access control and request processing rules and their resources on the Policy Manager window to protect them. Applications can be protected by a PingAccess gateway or a PingAccess agent. In a gateway deployment, the target application is specified as a site. In an agent deployment, the application destination is an agent.
- Web
- API
- Web + API
Use the Policy Manager window to define the applications which PingAccess protects and to which client requests are ultimately forwarded. Use resources to partition the application into areas requiring distinct access control. Each application contains at least a root resource. The combination of virtual server and context root must be unique for each application.
About SPA support
SPA support merges the conventional 401
unauthorized response of an
API application with the traditional 302
redirect response of a web
application when a client request does not contain an authentication token.
The SPA supported result is a 401
response containing a JavaScript
body that can initiate a 302
redirect. API clients will ignore the
JavaScript body and react appropriately to the 401
response.
However, browser clients will disregard the 401
response and
execute the JavaScript body, resulting in a redirect to the token provider to
authenticate. Since clients self-select the portion of the response they are
prepared to process, the result is a seamless authentication experience regardless
of the client type.
SPA support applies to API and Web + API applications. When SPA support is enabled for Web + API applications, where a variety of client types are expected to communicate with the application, a fallback type is no longer required since both web and API clients are properly redirected to authenticate by the same response. For Web applications, authentication challenge responses fulfill the same role. See Authentication for more information.
It might also benefit Web or API application types, for example, if a new version of a web application contains JavaScript framework components to call APIs. In this case, SPA support can help mitigate issues in responding to different client types for authentication, but it will not enable the full features of the other application type. You would need to migrate the application to a Web + API configuration in order to take advantage of the full functionality, such as for authentication, rules, or identity mapping.
For additional guidance in preparing a SPA to work with PingAccess, see the SPA developer's guide in the PingAccess resources on github. This guide contains a sample application before and after onboarding.