PingFederate single sign-on (SSO) Directory Service allows applications to retrieve configuration data from a runtime PingFederate server. A PingFederate server in a cluster configured as an administrative console does not support this web service.
As of PingFederate 10.2, the SSO Directory Service has been deprecated and will be removed in a future release.
The SSO Directory Service lets web applications avoid storing and maintaining the data locally.These applications can retrieve the following types of data:
- A list of identity provider (IdP) partners
- A list of service provider (SP) partners
- A list of IdP adapter instances
- A list of SP adapter instances
The SSO Directory Service provides useful information for integrating an application with a PingFederate server. It is a way for the application to dynamically determine which partners can be used for SSO. This means applications do not need to be modified when new partners are configured in PingFederate.
You can find the WAR file for this module, pf-ws.war, in the pingfederate/server/default/deploy directory.
If you do not want to allow use of the service, remove the WAR file from the deploy directory.
The service endpoint is: pf-ws/services/SSODirectoryService.
You can retrieve the WSDL document describing this service from /pf-ws/services/SSODIrectoryService?wsdl.
You can retrieve a list using any of the following methods:
getIDPListreturns a list of active IdP connections configured for SP-initiated SSO. The list contains each IdP's connection ID and connection name.
getSPListreturns a list of active SP connections configured for IdP-initiated SSO. The list contains each SP's connection ID and connection name.Note:
For either IdP or SP lists, connection IDs are returned as values for the XML tag
<entityId>. Connection Names are returned as values for the XML tag <company>. For more information see SOAP request and response examples.
getAdapterInstanceListreturns a list of SP adapter instances containing an ID and name.
getIdpAdapterInstanceListreturns a list of IdP adapter instances containing an ID and name.Note:
These methods do not require input parameters.
The service is also available over HTTP. The query string for retrieving any of the lists is /pf-ws/services/SSODirectoryService?method=<method_name>.