The HTTP Request Parameter Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on query parameter values.
Use this selector in one or more authentication policies to choose from authentication sources that share a similar level of assurance, such as among multiple instances of the HTML Form Adapter or between a Kerberos Adapter instance and an X.509 Adapter instance. For example, use an instance of this selector to choose an authentication experience based on the reward program information indicated by a query parameter in the single sign-on (SSO) request.
Do not use this selector to determine whether an authentication source with a higher level of assurance should be bypassed because query parameters could potentially be forged.
Example
Suppose you enter three selector result values, Central
,
Eastern
, and Southern
, on the Selector
Result Values window, as illustrated in the following screen capture.
If you have not enabled any additional policy paths in step 4c, as you place this selector instance as a checkpoint in an authentication policy, three policy paths are extended from the selector instance, one for each of the configured selector result values.