The PingDirectory server provides support for passing through LDAP simple bind attempts to an external service for authentication processing, either instead of or in addition to the processing that it typically performs against the locally stored data. Use the Server SDK to implement support for custom pass-through authentication handlers for interacting with other types of external services.
To create a custom pass-through authentication handler, use the Server SDK. To configure your pass-through handler in the server:
Create an instance of a third-party pass-through authentication handler and set
extension-classproperty by running a command similar to the following.
dsconfig create-pass-through-authentication-handler \ --handler-name "<Example Handler>" \ --type third-party \ --set extension-class:<com.example.ExamplePassThroughAuthenticationHandler> \ --set extension-argument:<argName1=argValue1> \ --set extension-argument:<argName2=argValue2>
The third-party pass-through authentication handler supports the following configuration properties.
The fully-qualified name of the Java class that provides the custom pass-through authentication handler implementation. This class must be a subclass of
An optional set of name-value pairs that provide arguments needed to configure the custom pass-through authentication handler.
Set any further configuration needs, as determined by your custom
implementation, through the
After you have configured the third-party pass-through authentication handler,
configure a pluggable pass-through authentication plugin instance to use it,
using a command similar to the following.
dsconfig create-plugin \ --plugin-name "Pluggable Pass-Through Authentication" \ --type pluggable-pass-through-authentication \ --set enabled:true \ -- set "pass-through-authentication-handler:<Example Handler>"Note:
For more information about the configuration properties for the pluggable pass-through authentication plugin, see Working with pass-through authentication.