The PingFederate SDK enables integration with identity providers (IdPs) and service providers (SPs). The SDK allows developers to build custom implementations for communicating authentication and security information between PingFederate and their enterprise environment.
This guide is for application developers and system administrators responsible for extending PingFederate, including development of:
- Authentication adapters to integrate web applications or identity-management systems
- Authentication selectors to direct single sign-on (SSO) authentication to instances of authentication adapters based on specified conditions
- WS-Trust Security Token Service (STS) token translators, including token processors and token generators
- Custom data source drivers
- Password credential validators
- Identity store provisioners
- Notification publishers
The PingFederate Java SDK consists of several APIs, including:
- Adapter and STS token-translator interfaces
- Authentication selector interfaces
- Custom data source interfaces
- Password credential validator interfaces
- Identity store provisioner interfaces
- Notification publisher interface
These interfaces allow users to create their own custom PingFederate plugins to suit their organization's needs. This SDK provides a means to develop, compile, and deploy custom plugins to PingFederate. The package also contains example plugins for reference. These example plugin projects are located in the <pf_install>/sdk/plugin-src directory.
The PingFederate SSO integration overview describes the prebuilt authentication adapters Ping Identity provides for integrating web applications and identity-management systems with PingFederate. Review this document before building your own adapter to see if an available adapter fits your use case.
Custom components might not work the same way after upgrading PingFederate. When upgrading, ensure you thoroughly retest the behavior of customizations in a non-critical upgraded environment.
Adapter and STS token-translator interfaces
The adapter and token-translator APIs enable PingFederate integration with IdPs or SPs. In addition to providing requisite runtime integration, adapter and token-translator APIs are configurable UI plugins that allow you to render custom configuration windows.
Suitable adapter or token-translator implementations for your deployment might already exist. Before developing your own custom solution, see the Ping Identity Downloads website for available implementations.
Authentication selector interfaces
Authentication selectors provide a mechanism to choose among multiple authentication sources and to direct a user to use a particular adapter or IdP connection. For example, an authentication selector might map internal corporate users to use one adapter and map external non-corporate users to a different adapter. Authentication selectors are configurable UI plugins that allow you to render custom configuration windows.
Custom data source interfaces
The custom data source API is a set of Java interfaces that enable PingFederate to integrate with data stores not covered by existing Java Database Connectivity (JDBC) or LDAP drivers. This allows developers to retrieve attributes from their choice of data source during attribute fulfillment. Custom data source interfaces are configurable UI plugins that allow you to render custom configuration windows.
Password credential validator interfaces
The password credential validator interfaces allow developers to define credential validators that verify a given username and password in various contexts throughout the system. For example, credential validators are used to configure OAuth Resource Owner authorization grants and the HTML Form Adapter.
Identity store provisioner interfaces
Identity store provisioners provide a mechanism for provisioning and deprovisioning users to external user stores. For example, you can configure a custom identity store provisioner within an inbound provisioning IdP connection to provision users using the System for Cross-domain Identity Management (SCIM) protocol. Identity store provisioners are configurable UI plugins that allow you to render custom configuration windows.
Notification publisher interface
PingFederate delivers messages to administrators and end users based on notification publisher settings. Developers can implement custom notification publishers using the
Ping Identity Global Client Services
If you need assistance in using the SDK, visit the Ping Identity Support website.
- Javadocs provide detailed reference information for developers. The Javadocs are located in the <pf_install>/pingfederate/sdk/doc directory.
- The PingFederate Administrator's Reference Guide provides background information and UI configuration details.
- The user guides for Java, .NET, and PHP integration kits show examples of SDK implementations.