The CIDR Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on the IP address of an incoming single sign-on request.
Use this selector in authentication policies to choose from authentication sources that share a similar level of assurance, such as among multiple HTML Form Adapter instances or between a Kerberos Adapter instance and an X.509 identity provider (IdP) Adapter instance. For example, use this selector in authentication policies to route internal requests to a Kerberos Adapter instance.
When you place this selector instance as a checkpoint in an authentication policy, it forms two policy paths: Yes and No. If the IP address of an incoming single sign-on (SSO) request matches one of the defined network ranges, the selector returns true. The policy engine regains control of the request and proceeds with the policy path configured for the result value of Yes. If the IP address of an incoming SSO request matches none of the defined network ranges, the selector returns false. The policy engine regains control of the request and proceeds with the policy path configured for the result value of No.