java.lang.String lookupLocalUserId(
    javax.servlet.http.HttpServletRequest req,
    javax.servlet.http.HttpServletResponse resp,     
    java.lang.String partnerIdpEntityId,     
    java.lang.String resumePath)     
    throws AuthnAdapterException, java.io.IOException

PingFederate invokes the lookupLocalUserId() method during an SSO request when the IdP connection is configured to use account linking but no account link for this user is yet established. Once the account link is set, PingFederate maintains this information until the user “defederates.” Defederation occurs when the user clicks a link redirecting him/her to the /sp/defederate.ping PingFederate endpoint.

The HttpServletResponse and resumePath objects are used to send the user to a local service where the user authenticates. After authentication, the user is redirected to the URL specified in the resumePath parameter and PingFederate completes the account link.

The following diagram illustrates a typical account-link sequence:

Use the HttpServletRequest to read a local session token. The String object returned from the lookupLocalUserId() method should be a local user identifier.