The Extended Property Authentication Selector enables PingFederate to choose configured authentication sources or other selectors by matching a selector result value against an extended property value from the invoking browser-based SSO connection or OAuth client.
Example
- You defined a multivalued extended property; you named it configStatus.
- You created an SP connection with the following characteristics:
  - On the Extended Properties screen, you added two values for the configStatus extended property: DEV and TEST.
  - On the Attribute Source Mapping screen, you mapped an authentication policy contract to the SP connection. The policy contract name is APC.
- You created an instance of the Extended Property Authentication Selector with the following characteristics:
  - On the Type screen, you named the selector instance ExProps.
  - On the Authentication Selector screen, you selected configStatus from the list.
  - On the Selector Result Values screen, you entered DEV and TEST.
- You created and activated the following IdP authentication policy:

      ExtProps
      +--DEV
      |    OpenToken
      |    +--Fail: Done
      |    +--Success: APC
      |
      +--TEST
           HTML
           +--Fail: Done
           +--Success: APC

  You configured each APC to fulfill values obtained from its preceding adapter instance.

When processing SSO requests intended for this SP connection, because the policy engine is able to match one of the populated property values (DEV) from the SP connection to the first selector result value (also DEV), it will always invoke the OpenToken IdP Adapter instance based on the DEV policy path. The TEST policy path is never executed for this SP connection.

On the other hand, if you remove DEV (an extended property value) from the SP connection, the policy engine will route SSO requests intended for this SP connection to the HTML Form Adapter instance based on the TEST policy path. The DEV policy path is never executed for this SP connection.
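
The routing described above can be reviewed across several connections at once. The following Python is an added example, not PingFederate code: it models the first-match behavior this page describes, and reports which adapter each connection reaches and which configured policy paths it can never reach. The connection names, the exact-string comparison, and the treatment of a connection with no matching value are assumptions.

```python
# Added example: models the first-match routing described on this page.
# Not PingFederate code; names and sample data are constructed for illustration.

# Order as entered on the Selector Result Values screen.
SELECTOR_RESULT_VALUES = ["DEV", "TEST"]
# Selector result value -> adapter invoked on that policy path.
POLICY_PATHS = {"DEV": "OpenToken", "TEST": "HTML"}

# Constructed sample: connection name -> values of its configStatus property.
CONNECTIONS = {
    "sp-both": ["DEV", "TEST"],     # the SP connection from the example
    "sp-test-only": ["TEST"],       # the same connection after DEV is removed
    "sp-unset": [],                 # hypothetical connection with no value
}


def route(property_values, result_values=SELECTOR_RESULT_VALUES):
    """Return (chosen, shadowed).

    chosen   -- first selector result value found among the connection's
                property values (exact string match is an assumption)
    shadowed -- later result values that also match but are never reached
    """
    matches = [v for v in result_values if v in property_values]
    if not matches:
        return None, []
    return matches[0], matches[1:]


def audit(connections):
    """Report, per connection, the policy path taken and any dead paths."""
    findings = {}
    for name, values in connections.items():
        chosen, shadowed = route(values)
        findings[name] = {
            "path": chosen,
            "adapter": POLICY_PATHS.get(chosen),
            "shadowed": shadowed,
        }
    return findings


if __name__ == "__main__":
    for name, f in audit(CONNECTIONS).items():
        dead = ", ".join(f["shadowed"]) or "none"
        print(f"{name}: path={f['path']} adapter={f['adapter']} never reached={dead}")
```

A connection that lists a non-empty "never reached" set carries an extended property value that has no effect on routing, which is worth confirming against the authentication strength intended for that connection.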