The Cluster Node Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on the PingFederate cluster node that is servicing the request in authentication policies.
For example, this selector allows you to choose whether Integrated Windows Authentication (IWA) is attempted based on the PingFederate cluster node with which a Key Distribution Center (KDC) is associated.
- Go to Selectors window. to open the
- On the Selectors window, click Create New Instance to start the Create Authentication Selector Instance workflow.
- On the Type tab, configure the basics of this authentication selector instance.
On the Authentication Selector window, select the
Field Value on which to branch policy paths. The
authentication selector provides a means of choosing authentication sources at
runtime based on the cluster node on which it is executing.
- Node Index
- Select Node Index to use the
pf.cluster.node.indexvalue specified in run.properties.
- Node Tag
- Select Node Tag to use the
node.tagsvalues specified in run.properties.
On the Selector Result Values window, specify the relevant
node index or node tag values.
Each selector result value forms a policy path when you place this selector instance as a checkpoint in an authentication policy.
- In the Result Values field, enter a node index or node tag value based on your cluster configuration and click Add. This value should correspond to a node index or node tag of one of the engine nodes in the cluster.
Add more values to differentiate criteria for authentication selection.
Display order does not matter.
Use the Edit, Update, and Cancel workflow to make or undo a change to an existing entry. Click Delete to remove an entry.
Complete the configuration.
- On the Summary tab, click Done.
- On the Selectors window, click Save.