Use the following sample setup to configure one of the common use cases where you have two categories of service providers (SPs).
For this sample use case, you must have the following components:
- An authentication policy contract
- Multiple SP connections. All connections use the same authentication policy contract as their sole authentication source
- Instances of the required adapters
- An instance of the Connection Set Authentication Selector to isolate high-value connections from the rest of the connections
The Session Authentication Selector enables PingFederate to choose a policy path at runtime based on whether the user already has a PingFederate authentication session for a particular source..
You need to enforce authentication requirements on two categories of service provider connections:
- For high-value connections, users must authenticate using the X.509 Adapter followed by the PingID Adapter.
- For low-value connections, users can authenticate using the HTML Form Adapter or the X.509 Adapter followed by the PingID Adapter.
To fulfill this use case, follow these configuration steps.
- Go to .
-
Create an instance of the Session Authentication Selector to account for
authentication sessions acceptable for low-value connections.
- Go to .
-
On the Policies window, define an
authentication policy for high-value connections.
-
Define an authentication policy for low-value connections.
- To keep the newly configured authentication policies, click Save.