The basic responsibilities of the Agent are to filter requests to determine whether a request is for a protected resource:

  • If the request is for an unprotected resource, the Agent passes the request to the application.
  • If the request is for a protected resource, the Agent checks to see if there is a PingFederate session available and if it meets the policy for the session.
  • If a session exists and the session meets the policy for the request, then the Agent passes the request back to the application.
  • If a session does not exist, or if the existing session does not meet the session policy for that request, the Agent redirects the user’s browser through the PingFederate server to an Identity Provider (IdP) for authentication. After authentication, PingFederate redirects the user back to the protected resource with a valid session.