See: Description
Note: Before you upgrade a production implementation of PingFederate customized with the SDK, test your customizations in a lower, upgraded environment first. Once you verify your customizations work as expected, make a backup of your original PingFederate implementation before removing from the server.
Package | Description |
---|---|
com.pingidentity.access |
Provides access to various objects contained within the main PingFederate application and engine.
|
com.pingidentity.adapter.htmlform | |
com.pingidentity.adapter.support | |
com.pingidentity.sdk |
Top level package for the PingFederate SDK.
|
com.pingidentity.sdk.accessgrant |
Provides the ability to create a custom Access Grant storage mechanism.
|
com.pingidentity.sdk.accessgrant.exception |
Exception classes related to the custom Access Grants storage mechanisms.
|
com.pingidentity.sdk.account | |
com.pingidentity.sdk.key |
Provides classes used to manage PingFederate's master key set.
|
com.pingidentity.sdk.locale |
Provides interfaces and helper classes to extend PingFederate's localization support.
|
com.pingidentity.sdk.notification |
A plugin interface, with associated classes, for creating custom notification publishers.
|
com.pingidentity.sdk.oauth20 |
A plugin interface, with associated classes, for issuing and validating access tokens.
|
com.pingidentity.sdk.oauth20.registration |
A plugin interface, with associated classes, for creating custom OAuth 2.0 client registration policies.
|
com.pingidentity.sdk.oobauth |
A plugin interface, with associated classes, for orchestrating out-of-band
authentication/authorization.
|
com.pingidentity.sdk.password |
A plugin interface for validating usernames and passwords.
|
com.pingidentity.sdk.provision |
The root package for the Identity Store Provisioner interfaces.
|
com.pingidentity.sdk.provision.exception |
Exception classes related to Identity Store Provisioner plugins.
|
com.pingidentity.sdk.provision.groups.request |
Request contexts related to Identity Store Provisioner group operations.
|
com.pingidentity.sdk.provision.groups.response |
Response contexts related to Identity Store Provisioner group operations.
|
com.pingidentity.sdk.provision.users.request |
Request contexts related to Identity Store Provisioner user operations.
|
com.pingidentity.sdk.provision.users.response |
Response contexts related to Identity Store Provisioner user operations.
|
com.pingidentity.sdk.template |
Provides classes used to render user-facing screens (e.g.
|
com.pingidentity.sdk.xml |
Provides classes used for XML handling.
|
com.pingidentity.sources |
Driver classes and interfaces not limited to any protocol.
|
com.pingidentity.sources.gui |
Contains protocol independent dynamic UI classes and interfaces.
|
org.sourceid.saml20.adapter |
Adapter classes and interfaces that are common across SAML2 roles (both IdP and SP).
|
org.sourceid.saml20.adapter.attribute |
Class representation for single and multi-value attribute values.
|
org.sourceid.saml20.adapter.conf |
Provides classes that are containers for configuration values entered by the user/administrator
via the PingFederate GUI administration console.
|
org.sourceid.saml20.adapter.gui |
Provides classes that enable an adapter to describe to PingFederate the way its GUI configuration
screen should look.
|
org.sourceid.saml20.adapter.gui.event |
Provides methods that can be implemented to support
custom actions that occur based upon UI events while
managing adapter instances.
|
org.sourceid.saml20.adapter.gui.validation |
Provides interfaces that can be implemented to provide
custom validation of data entered by administrators/users via the GUI.
|
org.sourceid.saml20.adapter.gui.validation.impl |
Provides implementations of some commonly needed field level validation.
|
org.sourceid.saml20.adapter.idp |
Identity Provider (IdP) role specific interfaces, classes, and sub-packages.
|
org.sourceid.saml20.adapter.idp.authn |
Identity Provider (IdP) role specific interfaces and classes for authentication adapters.
|
org.sourceid.saml20.adapter.sp |
Service Provider (SP) role specific interfaces, classes, and sub-packages.
|
org.sourceid.saml20.adapter.sp.authn |
Service Provider (SP) role specific interfaces and classes for authentication adapters.
|
org.sourceid.saml20.adapter.state |
HTTP Session like state functionality.
|
org.sourceid.saml20.authncontext |
Authentication context class references.
|
org.sourceid.util.log |
Provides access to the AttributeMap
|
org.sourceid.wstrust.plugin |
Interfaces, classes, and exceptions for token processors and generators.
|
org.sourceid.wstrust.plugin.generate |
Interfaces and classes for token generators.
|
org.sourceid.wstrust.plugin.process |
Interfaces, classes, and exceptions for token processors.
|
Package | Description |
---|---|
com.pingidentity.sdk.api.authn |
Contains the interface that must be implemented by plugins that support the Authentication API.
|
com.pingidentity.sdk.api.authn.common |
Contains "spec" classes for states, actions, and errors that are shared across multiple API-capable plugins.
|
com.pingidentity.sdk.api.authn.exception |
Contains exceptions that are used by the Authentication API SDK classes.
|
com.pingidentity.sdk.api.authn.model |
Contains the core set of models for the Authentication API.
|
com.pingidentity.sdk.api.authn.model.action |
Contains the models for various shared Authentication API actions.
|
com.pingidentity.sdk.api.authn.model.state |
Contains the models for various shared Authentication API states.
|
com.pingidentity.sdk.api.authn.spec |
Defines various "spec" classes for the Authentication API.
|
com.pingidentity.sdk.api.authn.util |
Defines various utility classes for handling Authentication API requests and generating responses.
|
The primary integration point for PingFederate is communicating authentication and security context information between the server and an external application or service. This is accomplished via the authentication adapters. Authentication adapter interfaces to be realized as well as numerous supporting classes can be found in the org.sourceid.saml20.adapter.** packages. The adapter interface(s) that need to be implemented are dependent on the SAML role that the PingFederate server will be functioning in.
PingFederate as a Service Provider
Operating PingFederate in the role of a SAML Service Provider (SP) requires that you have at least one
implementation of an SpAuthenticationAdapter
deployed on the server.
PingFederate as an Identity Provider
Operating PingFederate in the role of a SAML Identity Provider (IdP) requires that you have at least one
implementation of an IdpAuthenticationAdapter
deployed on the server.
Authentication Selectors can be used to aid in the decision of which IdP Authentication Adapter or IdP Connection should be used. The decision
can be based on the information made available via the parameters passed to the selectContext(...) method. An
Authentication Selector can return a result value which is mapped to a IdP Authentication Adapter or IdP Connection. Alternatively, an Authentication
Selector may return the desired IdP Authentication Source's ID. An Authentication Selector implementation uses the
AuthenticationSelector
interface.
The PingFederate Authentication API allows a client to retrieve the status of an authentication flow and
invoke authentication actions through an API endpoint. The Authentication API SDK packages allow developers to create IdP
adapters and selectors that are compatible with this API. The starting point for creating an API-capable plugin
is to implement the AuthnApiPlugin
interface. Implementing this interface
allows PingFederate to retrieve a description of the plugin's API, which is used to generate documentation.
A plugin's API description consists of the various authentication states the plugin supports, and the actions that are available
in each state. AuthnStateSpec
instances are used to define states in the
plugin's API description. AuthnActionSpec
instances are used to define
actions.
When processing an API GET request, a plugin uses AuthnApiSupport
to
return the AuthnState
instance for the current state.
For an API POST request, a plugin uses the same support class to determine the action that has been requested,
deserialize the model for the action, and return the AuthnState
instance
for the next state.
There are two integration points for the PingFederate STS. IdP Token Processors validate incoming security tokens. SP Token Generators issue security tokens for use in the local domain. Token translator interfaces to be realized as well as numerous supporting classes can be found in the org.sourceid.wstrust.plugin.** packages. The translator interface(s) that need to be implemented are dependent on the STS role that the PingFederate STS server will be functioning in.
PingFederate IdP Token Processor
Operating PingFederate in the role of a STS Identity Provider (IdP) requires that you have at least one
implementation of an TokenProcessor
deployed on the server.
PingFederate SP Token Generator
Operating PingFederate in the role of a STS Service Provider (SP) requires that you have at least one
implementation of an TokenGenerator
deployed on the server.
Password Credential Validators are used to verify a given username and password in various contexts throughout the system. For example, credential validators are used to configure OAuth Resource Owner authorization grants and the HTML Form IdP Adapter. The password credential validator interfaces allow developers to define custom credential validators.
A Password Credential Validator implementation uses the PasswordCredentialValidator
interface.
Other related interfaces are found in the com.pingidentity.sdk.password
package.
Identity Store Provisioners provide a mechanism for provisioning and deprovisioning users to external user stores. For example, a custom Identity Store Provisioner could be configured within an Inbound Provisioning IdP Connection to provision users using the SCIM protocol.
An Identity Store Provisioner implementation uses the IdentityStoreProvisioner
interface.
Other related interfaces are found in the com.pingidentity.sdk.provision
package.
The OAuth 2.0 interfaces enable customizations of several areas, including: access token processing, dynamic client registration, storage of clients and storage of persistent grants. Interfaces can be found in the com.pingidentity.sdk.oauth20
, com.pingidentity.sdk.oauth20.registration
and com.pingidentity.sdk.accessgrant
packages.
The Notification Publisher interface enables customization of notification delivery methods. Interface can be found in the com.pingidentity.sdk.notification
package.
The OOB Auth interface enables customization of ... (todo darina reword) methods. Interface can be found in the com.pingidentity.sdk.ciba
package.
The XML bean packages for the SAML 1.x, 2.0, and WS-Federation protocols are included to allow an administrator to customize Browser SSO protocol messages through OGNL expressions.
Copyright 2019 Ping Identity Corp. All rights reserved.