I am new to PingFederate and have a few questions. I am trying to understand, from an architect's perspective, a number of things around querying and APIs. I understand PingFederate supports attribute-query requests. This seems very much doable but only appears to work for querying additional attributes based on the current SAML instance.
What I am trying to understand is what options exist for querying a 'user list' or querying attributes for specific users? I need to check users for changes in specific attributes or have a means to be notified of changes to specific attributes. Based on the following somewhat related link, I believe it is not possible:
In PingFederate, is there an API to query a list of users and a list of groups?
But, I would think architecturally something like this should be possible. Is there a way to query PingFederate in the manner above? Or have it notify you of changes? Directly or indirectly?
Regards...
Attribute Query is not restricted to an ongoing user session if that's what you're worried about.
See here http://documentation.pingidentity.com/display/PF72/SP+Services#SPServices-1110907 for the endpoint that a PingFederate SP would use to execute an attribute query to a partner SAML IDP. The latter IDP may use PingFederate as an IDP (which I believe is what you're looking for) or any other SAML implementation that supports SAML Attribute Query.
Wrt. notifications: PingFederate implements the SCIM (http://www.simplecloud.info/) protocol for this purpose (http://documentation.pingidentity.com/display/PF72/Configuring+Outbound+Provisioning) so you could use that to get notifications.
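An added example, not part of the original answer and not PingFederate code: a sketch of the receiving side of a SCIM push, assuming you operate the SCIM endpoint that outbound provisioning targets, which turns each user create or replace into a per-attribute change notification. The watched attribute list, the `ScimUserStore` class, the `sample_user` helper and the payloads are constructed for illustration.

```python
import json

# Attributes the downstream application wants to hear about (assumed list).
WATCHED = ("active", "title", "emails", "groups")

def _normalize(value):
    """Make multi-valued SCIM attributes comparable regardless of order."""
    if isinstance(value, list):
        return sorted(json.dumps(v, sort_keys=True) for v in value)
    return value

def diff_watched(stored, incoming, watched=WATCHED):
    """Return {attr: (old, new)} for watched attributes that differ."""
    changes = {}
    for attr in watched:
        old, new = stored.get(attr), incoming.get(attr)
        if _normalize(old) != _normalize(new):
            changes[attr] = (old, new)
    return changes

class ScimUserStore:
    """In-memory stand-in for the receiver's user table, keyed by userName."""
    def __init__(self):
        self.users = {}

    def upsert(self, body):
        """Handle the JSON body of a SCIM create/replace; return an event or None."""
        user = json.loads(body)
        key = user["userName"]
        previous = self.users.get(key)
        self.users[key] = user
        if previous is None:
            return (key, "created", {})
        changes = diff_watched(previous, user)
        return (key, "changed", changes) if changes else None

# Constructed sample data: a SCIM 1.1 core user resource for a fictional account.
EMAILS = [{"value": "jdoe@example.com", "primary": True},
          {"value": "john.doe@example.org", "primary": False}]

def sample_user(**attrs):
    base = {"schemas": ["urn:scim:schemas:core:1.0"], "userName": "jdoe",
            "active": True, "title": "Analyst", "emails": EMAILS}
    base.update(attrs)
    return json.dumps(base)

if __name__ == "__main__":
    store = ScimUserStore()
    for body in (sample_user(), sample_user(title="Manager"),
                 sample_user(title="Manager", active=False)):
        print(store.upsert(body))
```

A change of `active` to false is the event to route to session revocation or access review, since it is how deprovisioning arrives at the receiver.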