The solution works by having a dedicated login adapter, such as the HTML Form Adapter, for each user population with their own session timeouts and configuring an Identifier First Adapter to determine which adapter each user group should be routed to. Setting an OGNL expression in the issuance criteria of the corporate adapter ensures that a non-corporate user cannot authenticate with the corporate adapter.


For this task, you must have created the login adapters for each user population and customized their session timeouts. To unify the user experience, you can create the non-corporate adapter as a child of the corporate parent adapter. The child adapter will inherit all of the parent’s settings, including any custom templates used for branding.


PingFederate 9.3 and later.