Page created: 12 Sep 2019
|
Page updated: 19 Mar 2020
The Session Authentication Selector enables PingFederate to choose a policy path at runtime based on whether the user already has a PingFederate authentication session for a particular source. The following sample setup demonstrates one of the common use cases.
You are tasked to enforce authentication requirements on two categories of SP connections:
- For high-value connections, users must authenticate via the X.509 Adapter followed by the PingID Adapter.
- For low-value connections, users can authenticate via the HTML Form Adapter or the X.509 Adapter followed by the PingID Adapter.
You have already created the following components:
- An authentication policy contract.
- Multiple SP connections. All connections use the same authentication policy contract as their sole authentication source.
- Instances of the required adapters.
- An instance of the Connection Set Authentication Selector to isolate high-value connections from the rest of the connections.
To fulfill this use case, follow these configuration steps:
- Go to the screen.
-
Create an instance of the Session Authentication Selector to account for
authentication sessions acceptable for low-value connections.
- Go to the screen.
-
Define an authentication policy for high-value connections.
-
Define an authentication policy for low-value connections.
- Click Save to keep the newly configured authentication policies.