Page created: 24 Jul 2019 | Page updated: 8 Feb 2022
The Java Integration Kit consists of two parts:
- The OpenToken Adapter, which runs within the PingFederate server
- The Agent Toolkit for Java, which resides within the Java application
The following figure shows a basic IdP-initiated SSO scenario in which PingFederate federation servers using the Java Integration Kit exist on both sides of the identity federation:
Sequence
- A user initiates an SSO transaction.
- The IdP application inserts user attributes into the Agent Toolkit for Java, which encrypts the data internally and generates an OpenToken.
- A request containing the OpenToken is redirected to the PingFederate IdP server.
- The server invokes the OpenToken IdP Adapter, which retrieves the OpenToken, decrypts, parses, and passes the user attributes to the PingFederate IdP server. The PingFederate IdP server then generates a Security Assertion Markup Language (SAML) assertion.
- The SAML assertion is sent to the SP site.
- The PingFederate SP server parses the SAML assertion and passes the user attributes to the OpenToken SP Adapter. The Adapter encrypts the data internally and generates an OpenToken.
- A request containing the OpenToken is redirected to the SP application.
- The Agent Toolkit for Java decrypts and parses the OpenToken and makes the user attributes available to the SP Application.

Note: PingFederate can be configured to look up additional attributes from either an IdP or SP data store. For more information, see Data Stores in the PingFederate documentation.
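The following added example (not code from the Java Integration Kit or its documentation) sketches one token hop from the sequence above: one side encrypts user attributes into a token, and the other side decrypts and parses it and rejects a modified token. It is a stand-in only. The class `TokenHopDemo`, the methods `issue` and `read`, the use of AES-GCM with a shared key, and the `key=value` payload layout are all assumptions and do not reproduce the OpenToken format or the Agent Toolkit API.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
// Illustrative stand-in for one token hop (application <-> adapter).
// AES-GCM and the key=value payload are assumptions, NOT the OpenToken wire format.
public class TokenHopDemo {
    // Issuing side: serialize attributes, encrypt, return a URL-safe token.
    static String issue(Map<String, String> attrs, SecretKey key) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : attrs.entrySet())
            sb.append(e.getKey()).append('=').append(e.getValue()).append('\n');
        byte[] iv = new byte[12];                  // fresh nonce per token
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }
    // Receiving side: decrypt, verify integrity, parse attributes.
    static Map<String, String> read(String token, SecretKey key) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        byte[] pt = c.doFinal(in, 12, in.length - 12); // AEADBadTagException if modified
        Map<String, String> attrs = new LinkedHashMap<>();
        for (String line : new String(pt, StandardCharsets.UTF_8).split("\n")) {
            int i = line.indexOf('=');
            if (i > 0) attrs.put(line.substring(0, i), line.substring(i + 1));
        }
        return attrs;
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey shared = kg.generateKey();       // key known to both ends of the hop
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("subject", "jdoe");              // constructed sample values
        attrs.put("email", "jdoe@example.com");
        String token = issue(attrs, shared);
        System.out.println(read(token, shared));
        // Change the first character (part of the nonce) to simulate modification in transit.
        String tampered = (token.charAt(0) == 'A' ? "B" : "A") + token.substring(1);
        try { read(tampered, shared); }
        catch (AEADBadTagException e) { System.out.println("rejected: modified token"); }
    }
}
```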