The HTTP Header Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on a match found in a specified HTTP header.
Use this selector in one or more authentication policies to choose from authentication sources that share a similar level of assurance, such as among multiple HTML Form Adapters or between a Kerberos Adapter and an X.509 Adapter. For example, use this selector to choose an authentication source based on the user's browser identified by the User-Agent HTTP header.
Do not use this selector to determine whether an authentication source with a higher level of assurance should be bypassed because HTTP request headers could potentially be forged.
When you place this selector instance as a checkpoint in an authentication policy, it forms two policy paths: Yes and No. If the value of the specified HTTP header matches one of the configured values, the selector returns true. The policy engine regains control of the request and proceeds with the policy path configured for the result value of Yes. If the value of the specified HTTP header matches none of the configured values, the selector returns false. The policy engine regains control of the request and proceeds with the policy path configured for the result value of No.
Example
To detect the most common browsers based on the User-Agent HTTP request header, configure an HTTP Header Authentication Selector instance as follows.
- Enter these entries under Match Expression.
Browser Expression Chrome *Chrome*
Firefox *Firefox*
Safari *Safari*
- In the Header Name field, enter
User-Agent
.