The Extended Property Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on a match found between a selector result value and an extended property value from the invoking browser-based SSO connections or OAuth client.
- Go to .
- On the Extended Propertieswindow, define a multivalued extended property, and name it configStatus.
- Create an SP connection with the following characteristics:
- On the Extended Properties window, add two values for the
configStatus extended property:
DEV
andTEST
. - On the Attribute Source Mapping window, map an
authentication policy contract to the service provider (SP) connection. The
policy contract name is
APC
.
- On the Extended Properties window, add two values for the
configStatus extended property:
- Create an instance of the Extended Property Authentication Selector with the
following characteristics:
- On the Type tab, name the selector instance
ExProps
. - On the Authentication Selector tab, select configStatus from the list.
- On the Selector Result Values tab, enter
DEV
andTEST
.
- On the Type tab, name the selector instance
- Create and activate the following identity provider (IdP) authentication policy.
ExtProps +--DEV | OpenToken | +--Fail: Done | +--Success: APC | +--TEST HTML +--Fail: Done +--Success: APC
Configure each
APC
to fulfill values obtained from its preceding adapter instance.
When processing SSO requests intended for this SP connection, because the policy engine
is able to match one of the populated property values, DEV
, from the SP
connection to the first selector result value, also DEV
, it will always
invoke the OpenToken IdP Adapter instance based on the DEV
policy path.
The TEST
policy path is never executed for this SP connection.
On the other hand, if you remove DEV
, an extended property value, from
the SP connection, the policy engine will route SSO requests intended for this SP
connection to the HTML Form Adapter instance based on the TEST
policy
path. The DEV
policy path is never executed for this SP connection.