For example, this selector allows you to choose whether Integrated Windows Authentication (IWA) is attempted based on the PingFederate cluster node with which a Key Distribution Center (KDC) is associated.

  1. Go to Authentication > Policies > Selectors to open the Selectors window.
  2. On the Selectors window, click Create New Instance to start the Create Authentication Selector Instance workflow.
  3. On the Type tab, configure the basics of this authentication selector instance.
  4. On the Authentication Selector window, select the Field Value on which to branch policy paths. The authentication selector provides a means of choosing authentication sources at runtime based on the cluster node on which it is executing.
    Node Index
    Select Node Index to use the pf.cluster.node.index value specified in
    Node Tag
    Select Node Tag to use the node.tags values specified in
  5. On the Selector Result Values window, specify the relevant node index or node tag values.

    Each selector result value forms a policy path when you place this selector instance as a checkpoint in an authentication policy.

    1. In the Result Values field, enter a node index or node tag value based on your cluster configuration and click Add. This value should correspond to a node index or node tag of one of the engine nodes in the cluster.
    2. Optional: Add more values to differentiate criteria for authentication selection.

      Display order does not matter.

      Use the Edit, Update, and Cancel workflow to make or undo a change to an existing entry. Click Delete to remove an entry.

  6. Complete the configuration.
    1. On the Summary tab, click Done.
    2. On the Selectors window, click Save.