Initial user authentication is normally handled outside of the PingFederate server using an application or an IdM system authentication module. Adapters or agents from PingFederate integration kits are typically used to integrate with these local authentication mechanisms.
PingFederate packages an HTTP Basic Adapter that delegates user authentication to a Password Credential Validator (PCV); for example, an LDAP Username PCV. This authentication mechanism validates credentials against a user repository via an instance of a PCV. Multiple PCV instances may be added to an instance of the HTTP Basic Adapter to validate against multiple user repositories, in which case PingFederate falls to the subsequent PCV instance if the previous PCV instance fails to validate the user credentials.
When PingFederate receives an authentication request and the use case is associated with an HTTP Basic Adapter instance, PingFederate invokes the adapter if it does not find a valid authentication session. If the HTTP Basic Adapter does not finds a valid adapter session, it prompts the user for credentials.
-
urn:oasis:names:tc:SAML:1.0:am:unspecified
for SAML 1.x -
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
for SAML 2.0