PingOne DaVinci IdP Adapter settings reference

Page created: 20 Jul 2023 |

Page updated: 27 Jul 2023

| 4 min read

Integration Integration Product PingFederate Language English Content Type Product documentation Audience Administrator

Field descriptions for the PingOne DaVinci IdP Adapter configuration screen.

Important:

If you're using an EU, Canada, or Asia DaVinci tenant, you must update the DaVinci API URL, DaVinci Auth URL, and DaVinci Widget URL. Replace .com with .eu for EU tenants, .ca for Canada tenants, or .asia for Asia tenants. Failure to do so results in an error in the PingFederate logs.

Standard fields
Field	Description
Company ID	The company ID that you noted in Adding an application in DaVinci.
Policy ID	The policy ID that you noted in Adding an application in DaVinci.
Flow Type	The type of DaVinci flow you're using: Widget-based flow or API-based flow. Widget-based flows are designed for user interaction. They can, for example, redirect the browser, present HTML forms or screens, prompt for MFA, or display a message. If your integration requires user interaction, select Widget-based flow. API-based flows run silently and don’t present any opportunity for user interaction. They execute more quickly than widget-based flows (when API-based flow is selected). API-based flows can, for example, run a risk analysis, check entitlements, or request an authorization policy decision. If your integration doesn’t require user interaction and must be highly performant, select API-based flow.
API Key	The API key that you noted in Adding an application in DaVinci.
Subject Attribute Path	The attribute from DaVinci to use as the subject in the contract. Map using JSON Pointer (RFC 6901) syntax.

Advanced fields
Field	Description
Additional Properties Attribute	The name of the attribute that contains the additional properties from DaVinci. The default value is `additionalProperties`.
Nonce Attribute Path	The attribute sent back from PingOne DaVinci for nonce validation. Map using JSON Pointer (RFC 6901) syntax. The default value is `/parameters/nonce`.
HTML Template	Identifies the HTML template the adapter uses. If you customized the template file name in /server/default/conf/template, enter the new name here. The default value is `pingone-davinci.html`. Used for widget-based flows.
Messages File	Identifies the customizable language-pack file that the adapter uses. If you customized the language-pack file name in /server/default/conf/language-packs, enter the new name here. The default value is `pingone-davinci-messages`. Used for widget-based flows.
DaVinci API URL	The DaVinci API URL. The default value is `https://orchestrate-api.pingone.com/`.
DaVinci Auth URL	The DaVinci Auth base URL. The default value is `https://auth.pingone.com/`.
DaVinci Widget URL	The DaVinci widget JS URL. The default value is `https://assets.pingone.com/davinci/latest/davinci.js`. Used for widget-based flows. Note: To determine whether you need to add the DaVinci widget URL to the allow list for your content security policy (CSP) header, check the response-header-runtime-config.xml file in the `<pf_install>`/pingfederate/server/default/data/config-store directory. For more information, see this support article.
Authorization Callback Endpoint	The PingFederate endpoint that DaVinci uses to respond to authorization requests. Note: The Application Return To URL setting in the DaVinci connector configuration is `<PingFederate Base URL>/ext/<Authorization Callback Endpoint>`. The default value is `/davinci-authn`. Used for widget-based flows.
Service Unavailable Failure Mode	Determines whether the adapter should block the user's sign-on attempt or bypass when the adapter is unable to access PingOne. Important: Setting to bypass could result in a security risk if the flow is not configured properly.
API Request Timeout	The amount of time in milliseconds that PingFederate waits for DaVinci to respond to requests. A value of `0` disables the timeout. The default value is `5000`.
Proxy Settings	Defines proxy settings for outbound HTTP requests. The default value is System Defaults. Note: To confirm whether or not you are using an outbound proxy, check the run.properties file of your PingFederate instance. Outbound proxies are defined by host name and port using the http.proxyHost and http.proxyPort parameters (and their HTTPS equivalents). If an outbound proxy is configured, select Custom and specify the host name and port in Custom Proxy Host and Custom Proxy Port, respectively.
Custom Proxy Host	The proxy server host name to use when Proxy Settings is set to Custom. This field is blank by default.
Custom Proxy Port	The proxy server port to use when Proxy Settings is set to Custom. This field is blank by default.

PingOne DaVinci IdP Adapter settings reference - PingFederate

PingOne DaVinci Integration Kit