Field descriptions for the ID DataWeb IdP Adapter configuration screen.
| Field | Description |
|---|---|
| Client ID | The client ID provided to you by ID DataWeb. |
| Client Secret | The client secret provided to you by ID DataWeb. |
| ID DataWeb API Base URL | The URL of the the ID DataWeb API. Production:
Pre-production:
|
| Update Device Trust | When enabled, users can receive a boost to their the trust score for subsequent sign on
attempts with a given device. When a user signs on successfully after
being challenged with an "obligation" result from
ID DataWeb, PingFederate contacts the ID DataWeb API to mark the device as "trusted". You can
configure the amount and duration of the trust score boost in the
ID DataWeb admin console. The boost affects
the device, not the user account. This check box is cleared by default. |
| Update Device Trust API Key | The API key that PingFederate uses to communicate with the ID DataWeb API
when marking a device as "trusted". Applies only when Update
Device Trust is enabled. This field is blank by default. |
| Device Profiling Method |
Determines how the adapter handles session IDs and device profiling. Captured by this adapter – The ID DataWeb IdP Adapter creates a session ID. In authentication API mode, it provides the device profiling URL (including session ID) to the external web application. In direct authentication mode, it runs the device profiling script. Captured by a previous adapter – The ID DataWeb IdP Adapter looks for an existing session ID in an HTTP cookie. For more details, see Device profiling methods. If you completed the steps in Adding device profiling to an authentication page, select Captured by a previous adapter. Otherwise, select Captured by this adapter. The default value is Captured by this adapter. |
| Field | Description |
|---|---|
| Device Profiling Script URL | The URL of the ID DataWeb script that collects the device
profile during sign on. Applies only when Device Profiling
Method is set to Captured by this
adapter. Applies only with the "Direct authentication mode - Captured by this adapter" device profiling method. The default value is: https://content.maxconnector.com/fp/tags.js?org_id=716kkpe1&api_key=bvrbl1ev61nw7zq7&pageid=verify&session_id=${sessionId} |
| Device Profiling Timeout |
The amount of time in milliseconds that PingFederate waits for the device profiling script to collect device details. Applies only when Device Profiling Method is set to Captured by this adapter. The minimum value is The default
value is |
| Cookie Name | The name of the cookie that contains the identifier for the ThreatMetrix device
profile. Applies only when Device Profiling
Method is set to Captured by a previous
adapter. If you customized the name for the cookie in the optional Adding device profiling to an authentication page steps, enter the same name in this field. The default value is
|
| Failure Mode | When ID DataWeb is unavailable or an error occurs, this setting
determines whether the user’s sign-on attempt should fail or continue
with a pre-determined policy decision. For cases where the ID DataWeb API is unavailable or returns an error, we recommend that you allow users to continue to sign on by satisfying stricter authentication requirements. You can do this in your adapter configuration by setting the Failure mode to return the obligation result. Alternately, you can do this in your authentication policy by setting the Fail outcome of the ID DataWeb IdP Adapter instance as shown in Adding ID DataWeb policy decisions to your authentication policy. |
| Fallback Policy Decision Value | The risk result (for example, "obligation", "deny", or "unknown") to use in the
authentication policy when ID DataWeb is
unavailable or an error occurs, and Failure Mode
is set to Continue with fallback risk
result. The default value is
|
| Token API Endpoint | The ID DataWeb endpoint that issues access tokens. The default
value is |
| Verify API Endpoint | The ID DataWeb endpoint that performs one-time user
verification. The default value is
|
| Trust Device API Endpoint | The ID DataWeb endpoint that PingFederate contacts after a user
successfully signs on. Applies only when Update Device
Trust is enabled. The default value is
|
|
API Request Timeout |
The amount of time in milliseconds that PingFederate waits for the ID DataWeb API to respond to requests. A value of 0 disables the timeout. Note: Some ID DataWeb verification services have longer response times
than others. Test your specific configuration and adjust this value
based on the range of response times that you receive.
The default
value is |
|
Connection Timeout |
The amount of time in milliseconds that PingFederate allows to establish a connection with the ID DataWeb API. A value of 0 disables the timeout. The default
value is |
|
Proxy Settings |
Defines proxy settings for outbound HTTP requests. The default value is System Defaults. |
|
Custom Proxy Host |
The proxy server hostname to use when Proxy Settings is set to Custom. This field is blank by default. |
|
Custom Proxy Port |
The proxy server port to use when Proxy Settings is set to Custom. This field is blank by default. |
|
Verify HTTPS Hostname |
When a connection is established with the ID DataWeb API, PingFederate matches the target hostname against the names stored inside the server's X.509 certificate. This security measure ensures that PingFederate is connecting to the correct server. This check box is selected by default. |