To implement a custom password credential validator, import the following Java packages:

  • org.sourceid.saml20.adapter.gui
  • org.sourceid.saml20.adapter.conf
  • org.sourceid.util.log
  • com.pingidentity.sdk
  • com.pingidentity.sdk.password

For each implementation, in addition to the methods described under Shared plugin interfaces, you must define the following method.

AttributeMap processPasswordCredential(String username,
  String password)   
  throws PasswordValidationException

This method takes a username and password and verifies the credential against an external source. If the credentials are valid, it returns an AttributeMap containing at least one entry representing the principal. If the credentials are invalid, then it returns null or an empty map. If the plugin was unable to validate the credentials (for example, due to an offline host or network problems), it returns a PasswordValidationException.

To enable password changes in a password credential validator, implement the com.pingidentity.sdk.password.ChangeablePasswordCredential interface.

To enable password resets in a password credential validator, implement the com.pingidentity.sdk.password.ResettablePasswordCredential interface.


Depending on your password management system, you might need additional system configuration to enable password changes. For example, you can change passwords in Active Directory only if LDAPS is enabled.