The PingFederate Java SDK consists of several application programming interfaces (APIs), including:
- Adapter and STS Token-Translator interfaces
- Authentication selector interfaces
- Custom data source interfaces
- Password Credential Validator interfaces
- Identity Store Provisioner interfaces
Each of these interfaces allows users to create their own plug-ins, customizing certain behaviors of PingFederate to suit an organization's needs. This SDK provides a means to develop, compile, and deploy custom plug-ins to PingFederate.
A number of example plug-ins are included in the PingFederate package for reference. The example projects are located in the <pf_install>/sdk/plugin-src directory.
Custom components might not work the same way after upgrading PingFederate. When upgrading, ensure you thoroughly retest the behavior of customizations in a non-critical upgraded environment.
Adapter and STS token-translator interfaces
The adapter and token-translator APIs enable PingFederate integration with IdPs or SPs. The APIs allow developers to build their own custom implementations for communicating authentication and security information between PingFederate and the enterprise environment.
Token-translator interfaces are applicable only to PingFederate versions 6.0 and higher.
In addition to providing requisite runtime integration, an adapter or token translator also describes its configuration parameters to PingFederate; this enables the administrative console to render configuration screens with extensible validation.
Suitable adapter or token-translator implementations for your deployment may already exist, or new implementations may be under development. Before developing your own custom solution, see the Ping Identity Downloads website for more information about currently available implementations.
Authentication selector interfaces
Authentication selectors provide a mechanism to choose among multiple authentication sources and to direct a user to use a particular adapter or IdP connection (for federation hub use cases), depending on the specified conditions. For example, an authentication selector may map internal corporate users to use one adapter, while it maps external non-corporate users to a different adapter.
Authentication selector interfaces are applicable only to PingFederate versions 6.6 and higher.
Authentication electors are configurable UI plug-ins, allowing you to render custom configuration screens.
Custom data source interfaces
The custom data source API is a set of Java interfaces that enable PingFederate to integrate with data stores not covered by existing JDBC or LDAP drivers. This allows developers to retrieve attributes from a data source of their choice during attribute fulfillment for various use cases. Similar to the adapter API, custom data source plug-ins also provide much of the same UI configuration functionality.
Password credential validator interfaces
The password credential validator interfaces allow developers to define credential validators that are used to verify a given username and password in various contexts throughout the system. For example, credential validators are used to configure OAuth Resource Owner authorization grants and the HTML Form Adapter.
Credential validator interfaces are applicable only to PingFederate versions 6.5 and higher.
Identity store provisioner interfaces
Identity Store Provisioners provide a mechanism for provisioning and deprovisioning users to external user stores. For example, a custom Identity Store Provisioner could be configured within an inbound provisioning IdP Connection to provision users using the SCIM protocol.
Identity Store Provisioner interfaces are applicable only to PingFederate versions 7.1 and higher.
Similar to the adapter API, Identity Store Provisioners are configurable UI plug-ins, allowing you to render custom configuration screens.
Ping Identity Global Client Services
If you need assistance in using the SDK, visit the Ping Identity Support website to see how we can help you with your application.