java.lang.String lookupLocalUserId(
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
java.lang.String partnerIdpEntityId,
java.lang.String resumePath)
throws AuthnAdapterException, java.io.IOException
PingFederate invokes the lookupLocalUserId()
method during an SSO request when
the IdP connection is configured to use account linking but no account link for this
user is yet established. Once the account link is set, PingFederate maintains this
information until the user “defederates.” Defederation occurs when the user clicks a
link redirecting him/her to the /sp/defederate.ping PingFederate
endpoint.
The HttpServletResponse and resumePath objects are used to send the user to a local service where the user authenticates. After authentication, the user is redirected to the URL specified in the resumePath parameter and PingFederate completes the account link.
The following diagram illustrates a typical account-link sequence:
Use the HttpServletRequest to read a local session token. The
String object returned from the
lookupLocalUserId()
method should be a local user identifier.