java single-sign-on pingfederate

How to send data from a custom SP adapter to the target application in PingFederate


I have searched the entire PingFederate documentation, but in vain. I have an application running on localhost:8080. I have implemented a custom service provider adapter and deployed it in the PingFederate server. I have configured the SP adapter to work with the SSOCircle IdP. I am able to log the attributes from the IdP in the SP adapter in the createAuthN method. I am initiating SSO using /sp/ssostart.ping and sending a target resource. Now I want to send the attributes from the custom SP adapter to the target resource using POST.


Solution

  • I have configured the SP adapter to work with the SSOCircle IdP. I am able to log the attributes from the IdP in the SP adapter in the createAuthN method.

    There may be a disconnect in what adapters do, versus connections, in PingFederate. A connection is a carrier of attributes to/from a partner outside your local "domain", while an adapter is a carrier of attributes between PingFederate and applications. That is, an IdP adapter is a method to get user attributes to PingFederate (after authentication), and an SP adapter is a method to get attributes from PingFed to an application (after SSO).

    Now I want to send the attributes from the custom SP adapter to the target resource using POST.

    This is precisely the role of an adapter. What kind of adapter have you created? One that uses OpenToken? Reference adapter? Something else? If you have created something else, then your adapter is fully responsible for communicating the attributes to the SP Application (Target Resource). If you are using one of the integration kits we provide (like the Java Integration Kit, or the Agentless Integration Kit), we provide comprehensive examples of their use within their SDK directories.

    If you are doing it from scratch, your code will be responsible for the entirety. We do have the standard sdk directory in the server install, along with the doc. Sending the attributes received via POST would be done with standard Java methods... You could consider reviewing this method here on StackOverflow: How to send post form with java?

    I would recommend using one of our adapters, frankly, because Ping has done the heavy lifting for you already. Personally, I am a big fan of the agentless integration kit (using the reference adapter), as I feel it is more secure. It captures the attributes sent in by the IdP connection, and then provides the target resource with a "reference". The application then retrieves the attributes from PingFederate by sending that reference to a special endpoint, and gets the attributes in a JSON format. Here is a link to sample Java code for our agentless integration.
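
The reference pickup described in the answer above, sketched as an added example that is not part of the original post or Ping's sample code. The `/ext/ref/pickup` path, the `REF` parameter, the `ping.*` header names and the alphanumeric reference format are assumptions to confirm against your Agentless Integration Kit documentation; the class name and the host in the comment are placeholders.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.regex.Pattern;

/** Back-channel pickup of SSO attributes by reference (added example). */
public class ReferencePickup {
    // Assumption: pickup path as used by the reference adapter; verify for your kit version.
    private static final String PICKUP_PATH = "/ext/ref/pickup";
    // Assumption: references are opaque alphanumeric tokens. Anything else is
    // rejected so a tampered REF value cannot alter the pickup URL.
    private static final Pattern REF_FORMAT = Pattern.compile("[A-Za-z0-9]{1,128}");

    private final HttpClient client = HttpClient.newBuilder()
            .connectTimeout(Duration.ofSeconds(5)).build();
    private final String baseUrl;    // e.g. https://pf.example.com:9031 (placeholder)
    private final String user;       // adapter credentials: load from a secret store,
    private final String password;   // never from source code
    private final String instanceId; // id of the configured adapter instance

    public ReferencePickup(String baseUrl, String user, String password, String instanceId) {
        // The JSON response carries identity attributes, so refuse plain HTTP.
        if (!baseUrl.startsWith("https://")) {
            throw new IllegalArgumentException("pickup must use HTTPS");
        }
        this.baseUrl = baseUrl;
        this.user = user;
        this.password = password;
        this.instanceId = instanceId;
    }

    /** Exchanges the reference the target resource received for the JSON attribute document. */
    public String fetchAttributes(String ref) throws IOException, InterruptedException {
        if (ref == null || !REF_FORMAT.matcher(ref).matches()) {
            throw new IllegalArgumentException("malformed reference");
        }
        HttpRequest request = HttpRequest.newBuilder(URI.create(baseUrl + PICKUP_PATH + "?REF=" + ref))
                .timeout(Duration.ofSeconds(10))
                .header("ping.uname", user)
                .header("ping.pwd", password)
                .header("ping.instanceId", instanceId)
                .GET().build();
        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        if (response.statusCode() != 200) { // unknown or already used reference: fail closed
            throw new IOException("pickup failed: HTTP " + response.statusCode());
        }
        return response.body(); // parse with the application's JSON library
    }
}
```

The attributes travel server to server in this flow; the browser only ever carries the opaque reference, which is why the answer describes it as the more secure option.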