The Cluster Node Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on the PingFederate cluster node that is servicing the request in one or more authentication policies. For example, this selector allows you to choose whether Integrated Windows Authentication (IWA) is attempted based on the PingFederate cluster node with which a Key Distribution Center (KDC) is associated.

  1. Click Identity Provider > Selectors to open the Manage Authentication Selector Instances screen.
  2. On the Manage Authentication Selector Instances screen, click Create New Instance to start the Create Authentication Selector Instance configuration wizard.
  3. On the Type screen, configure the basics of this authentication selector instance.
  4. On the Authentication Selector screen, select the Field Value on which to branch policy paths. The authentication selector provides a means of choosing authentication sources at runtime based on the cluster node on which it is executing.
    Node Index
    Select Node Index to use the pf.cluster.node.index value specified in run.properties.
    Node Tag
    Select Node Tag to use the node.tags values specified in run.properties.
  5. On the Selector Result Values screen, specify the relevant node index or node tag values.

    Each selector result value forms a policy path when you place this selector instance as a checkpoint in an authentication policy.

    1. Enter a node index or node tag value based on your cluster configuration under Result Values and click Add.

      This value should correspond to a node index or node tag of one of the engine nodes in the cluster.

    2. Optional: Add more values to differentiate criteria for authentication selection.

      Display order does not matter.

      Use the Edit, Update, and Cancel workflow to make or undo a change to an existing entry. Click Delete to remove an entry.

  6. To complete the configuration:
    1. Click Done on the Summary screen.
    2. Click Save on the Manage Authentication Selector Instances screen.