Possible customizations

Extending PingFederate could include:

  • Authentication adapters to integrate web applications or identity-management systems
  • Authentication selectors to direct single sign-on (SSO) authentication to instances of authentication adapters based on specified conditions
  • WS-Trust Security Token Service (STS) token translators, including token processors and token generators
  • Custom data source drivers
  • Password credential validators
  • Identity store provisioners
  • Notification publishers

The PingFederate Java SDK consists of several APIs, including:

  • Adapter and STS token-translator interfaces
  • Authentication selector interfaces
  • Custom data source interfaces
  • Password credential validator interfaces
  • Identity store provisioner interfaces
  • Notification publisher interface

These interfaces allow users to create their own custom PingFederate plugins to suit their organization's needs. This SDK provides a means to develop, compile, and deploy custom plugins to PingFederate. The package also contains example plugins for reference. These example plugin projects are located in the <pf_install>/sdk/plugin-src directory.

The PingFederate Integration overview describes the pre-built authentication adapters Ping Identity provides for integrating web applications and identity-management systems with PingFederate. Review this document before building your own adapter to see if an available adapter fits your use case.

Important:

Custom components might not work the same way after upgrading PingFederate. When upgrading, ensure you thoroughly retest the behavior of customizations in a non-critical upgraded environment.

Adapter and STS token-translator interfaces

The adapter and token-translator APIs enable PingFederate integration with IdPs or SPs. Adapter and token-translator APIs are configurable UI plugins that provide the requisite runtime integration and allow you to render custom configuration windows.

Note:

Suitable adapter or token-translator implementations for your deployment might already exist. Before developing your own custom solution, see the Ping Identity Downloads website for available implementations.

Authentication selector interfaces

Authentication selectors provide a mechanism to choose among multiple authentication sources and to direct a user to a particular adapter or IdP connection. For example, an authentication selector might map internal corporate users to one adapter and external non-corporate users to a different adapter. Authentication selectors are configurable UI plugins that allow you to render custom configuration windows.

Custom data source interfaces

The custom data source API is a set of Java interfaces that enable PingFederate to integrate with datastores not covered by existing Java Database Connectivity (JDBC) or LDAP drivers. This allows developers to retrieve attributes from their choice of data source during attribute fulfillment. Custom data source interfaces are configurable UI plugins that allow you to render custom configuration windows.

Password credential validator interfaces

The password credential validator interfaces allow developers to define credential validators that verify a given username and password in various contexts throughout the system. For example, credential validators are used to configure OAuth Resource Owner authorization grants and the HTML Form Adapter.

Identity store provisioner interfaces

Identity store provisioners provide a mechanism for provisioning and deprovisioning users to external user stores. For example, you can configure a custom identity store provisioner within an inbound provisioning IdP connection to provision users using the System for Cross-domain Identity Management (SCIM) protocol. Identity store provisioners are configurable UI plugins that allow you to render custom configuration windows.

Notification publisher interface

PingFederate delivers messages to administrators and end users based on notification publisher settings. Developers can implement custom notification publishers using the NotificationPublisherPlugin interface.

Additional documentation

  • Javadocs provide detailed reference information for developers. The Javadocs are located in the <pf_install>/pingfederate/sdk/doc directory.
  • The user guides for Java, .NET, and PHP integration kits show examples of SDK implementations.