Wednesday, October 28, 2020

PingFederate: OAuth implementation approaches

Hello IAM Learners

Claims-based authentication is now common for SSO integrations that use the OAuth/OpenID Connect standards.

For an OAuth implementation in PingFederate, you can create multiple Access Token Managers and map each one to an adapter if the deployment has multiple HTML adapters. If a single HTML adapter is used by all OAuth applications, you don't need any of what I describe below.

An OAuth request coming from an application can be intercepted and processed in PingFederate using two approaches: OAuthSelector or HTTP Header selector. Both approaches require the use of Ping authentication policies.

OAuth Client Set Authentication Selector: All OAuth client IDs should be added to this selector as clients.

HTTP Request Parameter Name: All OAuth client IDs should be added in this selector as parameter values.

There is another selector, the OAuth Scope Authentication Selector, which is used for OAuth implementations when you need to trigger the authentication flow based on the client scope.
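A small model of the client-ID routing described above, added here as an example (it is not PingFederate code or configuration). The adapter names, client IDs and host are constructed, and sending unmatched, missing or repeated `client_id` values to a default branch is an assumption of the model. It is useful for checking a planned client-to-adapter mapping for overlaps before entering it in the selectors.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical plan: adapter name -> client IDs listed in the selector leading to it.
SELECTOR_PLAN = {
    "HTMLFormEmployees": {"hr-portal", "payroll-app"},
    "HTMLFormPartners": {"partner-portal", "payroll-app"},  # overlap on purpose
}
DEFAULT_ADAPTER = "HTMLFormDefault"  # assumed branch when no selector matches


def find_conflicts(plan):
    """Return client IDs listed under more than one adapter (ambiguous routing)."""
    seen, conflicts = {}, set()
    for adapter, clients in plan.items():
        for cid in clients:
            if cid in seen and seen[cid] != adapter:
                conflicts.add(cid)
            seen.setdefault(cid, adapter)
    return conflicts


def route(authz_url, plan, default=DEFAULT_ADAPTER):
    """Pick the adapter for an authorization request URL from its client_id."""
    params = parse_qs(urlsplit(authz_url).query)
    values = params.get("client_id", [])
    if len(values) != 1:          # missing or repeated client_id: treat as no match
        return default
    for adapter in sorted(plan):  # fixed evaluation order, first match wins
        if values[0] in plan[adapter]:
            return adapter
    return default


if __name__ == "__main__":
    base = "https://sso.example.com/as/authorization.oauth2?response_type=code"
    # Constructed sample requests
    for query in ("&client_id=hr-portal", "&client_id=unknown-app",
                  "&client_id=hr-portal&client_id=partner-portal"):
        print(query, "->", route(base + query, SELECTOR_PLAN))
    print("listed under several adapters:", sorted(find_conflicts(SELECTOR_PLAN)))
```
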

 
