Password credential validators allow PingFederate administrators to define a centralized location for username/password validation, allowing validator instances to be referenced by various PingFederate configurations.
To implement a custom password credential validator, the following Java packages need to be imported:
-
org.sourceid.saml20.adapter.gui
-
org.sourceid.saml20.adapter.conf
-
org.sourceid.util.log
-
com.pingidentity.sdk
-
com.pingidentity.sdk.password
For each implementation, in addition to the methods described under Shared interfaces, you must define the following at a minimum:
AttributeMap processPasswordCredential(String username,
String password)
throws PasswordValidationException
This method takes a username and password and verifies the credential against an external
source. If the credentials are valid, then an AttributeMap is returned containing at least
one entry representing the principal. If the credentials are invalid, then
null
or an empty map is returned. A PasswordValidationException is
thrown if the plugin was unable to validate the credentials (for example, due to an offline
host or network problems).
To enable change password in a password credential validator, implement the
com.pingidentity.sdk.password.ChangeablePasswordCredential
interface.
To enable password reset in a password credential validator, implement the
com.pingidentity.sdk.password.ResettablePasswordCredential
interface.
Depending on your password management system, additional system configuration may be necessary to enable password changes—for example, passwords can be changed in Active Directory only if SSL is enabled.