Field descriptions for the ID DataWeb IdP Adapter configuration screen.
| Field | Description |
|---|---|
|
Client ID |
The client ID provided to you by ID DataWeb. |
|
Client Secret |
The client secret provided to you by ID DataWeb. |
|
ID DataWeb API Base URL |
The URL of the the ID DataWeb API. Production: Pre-production:
|
|
Update Device Trust |
When enabled, users can receive a boost to their the trust score for subsequent sign on attempts with a given device. When a user signs on successfully after being challenged with an "obligation" result from ID DataWeb, PingFederate contacts the ID DataWeb API to mark the device as "trusted." You can configure the amount and duration of the trust score boost in the ID DataWeb admin console. The boost affects the device, not the user account. This check box is cleared by default. |
|
Update Device Trust Using User Consent |
When the user selects This is my device in a previous adapter, such as the HTML form adapter, PingFederate contacts the ID DataWeb API after the user signs on to mark the device as "trusted" for subsequent sign on attempts. This setting works in conjunction with the Update Device Trust setting. If you do not select Update Device Trust, Update Device Trust Using User Consent will not mark the device as trusted. This check box is cleared by default. |
|
Update Device Trust API Key |
The API key that PingFederate uses to communicate with the ID DataWeb API when marking a device as "trusted". Applies only when Update Device Trust is enabled. This field is blank by default. |
|
Device Profiling Method |
Determines how the adapter handles session IDs and device profiling. Captured by this adapter – The ID DataWeb IdP Adapter creates a session ID. In authentication API mode, it provides the device profiling URL (including session ID) to the external web application. In direct authentication mode, it runs the device profiling script. Captured by a previous adapter – The ID DataWeb IdP Adapter looks for an existing session ID in an HTTP cookie. For more details, see Device profiling methods. If you completed the steps in Adding device profiling to an authentication page, select Captured by a previous adapter. Otherwise, select Captured by this adapter. The default value is Captured by this adapter. |
| Field | Description |
|---|---|
|
Device Profiling Script URL |
The URL of the ID DataWeb script that collects the device profile during sign on. Applies only when Device Profiling Method is set to Captured by this adapter. Applies only with the "Direct authentication mode - Captured by this adapter" device profiling method. The default value is:
|
|
Device Profiling Timeout |
The amount of time in milliseconds that PingFederate waits for the device profiling script to collect device details. Applies only when Device Profiling Method is set to Captured by this adapter. The minimum value is The default
value is |
|
Cookie Name |
The name of the cookie that contains the identifier for the ThreatMetrix device profile. Applies only when Device Profiling Method is set to Captured by a previous adapter. If you customized the name for the cookie in the optional Adding device profiling to an authentication page steps, enter the same name in this field. The default value is |
|
Failure Mode |
When ID DataWeb is unavailable or an error occurs, this setting determines whether the user’s sign-on attempt should fail or continue with a pre-determined policy decision. For cases where the ID DataWeb API is unavailable or returns an error, we recommend that you allow users to continue to sign on by satisfying stricter authentication requirements. You can do this in your adapter configuration by setting the Failure mode to return the obligation result. Alternately, you can do this in your authentication policy by setting the Fail outcome of the ID DataWeb IdP Adapter instance as shown in Adding ID DataWeb policy decisions to your authentication policy. |
|
Fallback Policy Decision Value |
The risk result (for example, "obligation", "deny", or "unknown") to use in the authentication policy when ID DataWeb is unavailable or an error occurs, and Failure Mode is set to Continue with fallback risk result. The default value is |
|
Token API Endpoint |
The ID DataWeb endpoint that issues access tokens. The default value is |
|
Verify API Endpoint |
The ID DataWeb endpoint that performs one-time user verification. The default value is |
|
Trust Device API Endpoint |
The ID DataWeb endpoint that PingFederate contacts after a user successfully signs on. Applies only when Update Device Trust is enabled. The default value is |
|
API Request Timeout |
The amount of time in milliseconds that PingFederate waits
for the ID DataWeb API to respond to requests. A value
of Note:
Some ID DataWeb verification services have longer response times than others. Test your specific configuration and adjust this value based on the range of response times that you receive. The default
value is |
|
Connection Timeout |
The amount of time in milliseconds that PingFederate allows to establish a connection with the ID DataWeb API. A value of 0 disables the timeout. The default
value is |
|
Proxy Settings |
Defines proxy settings for outbound HTTP requests. The default value is System Defaults. |
|
Custom Proxy Host |
The proxy server host name to use when Proxy Settings is set to Custom. This field is blank by default. |
|
Custom Proxy Port |
The proxy server port to use when Proxy Settings is set to Custom. This field is blank by default. |
|
Verify HTTPS Hostname |
When a connection is established with the ID DataWeb API, PingFederate matches the target host name against the names stored inside the server's X.509 certificate. This security measure ensures that PingFederate is connecting to the correct server. This check box is selected by default. |