The Cluster Node Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on the PingFederate cluster node that is servicing the request in one or more authentication policies. For example, this selector allows you to choose whether Integrated Windows Authentication (IWA) is attempted based on the PingFederate cluster node with which a Key Distribution Center (KDC) is associated.
- Click Manage Authentication Selector Instances screen. to open the
- On the Manage Authentication Selector Instances screen, click Create New Instance to start the Create Authentication Selector Instance configuration wizard.
- On the Type screen, configure the basics of this authentication selector instance.
On the Authentication Selector screen, select the
Field Value on which to branch policy paths. The
authentication selector provides a means of choosing authentication sources at
runtime based on the cluster node on which it is executing.
- Node Index
- Select Node Index to use the
pf.cluster.node.indexvalue specified in run.properties.
- Node Tag
- Select Node Tag to use the
node.tagsvalues specified in run.properties.
On the Selector Result Values screen, specify the relevant
node index or node tag values.
Each selector result value forms a policy path when you place this selector instance as a checkpoint in an authentication policy.
Enter a node index or node tag value based on your cluster configuration
under Result Values and click
This value should correspond to a node index or node tag of one of the engine nodes in the cluster.
Add more values to differentiate criteria for authentication selection.
Display order does not matter.
Use the Edit, Update, and Cancel workflow to make or undo a change to an existing entry. Click Delete to remove an entry.
- Enter a node index or node tag value based on your cluster configuration under Result Values and click Add.
To complete the configuration:
- Click Done on the Summary screen.
- Click Save on the Manage Authentication Selector Instances screen.