Skip to main content

How to configure custom password validator in PingFederate?

Requirement 

Use an existing oracle table (password is plain text) in PingFederate to validate user credential for authorization code flow.

Analysis

By default PingFederate supports the following password validators
  1. LDAP Username Password Credentials Validator
  2. PingOne Directory Password Credential Validaot
  3. RADIUS Username Password Credential Validator
  4. Simple Username Password Credential Validator
 


SQL password validator is not in the list. So how to use an existing oracle table to validate the user credentials.

Solution

Need to create SQL custom password validator (jar). You may also contact PingFederate support team for this.  

How to Configure Custom Password Validator?

  1. Stop PingFederate instance
  2. Copy the jar file (pf.plugins.password-credential-validator-sql-v2.jar) to the following folder on PingFederate server
                 <PingFederateInstall>/pingfederate/server/default/deploy/

      


    3. Restart PingFederate server

    4. Login to PingFederate admin console and select “Server Configuration >> Password Credential Validator

    5. Select “Create New Instance

    6. Now you would see an additional validator in the dropdown control. Select “SQL Password Credential Validator v2” for type and update necessary details then click “Next”.


   7. In “Instance Configuration”, update the following fields
  • Select desired data source from list for “JDBC DATASOURCE”. If hashing is not for password then select “None” for “HASH ALGORITHM”. 
  • Select “SQL Query” option box for “DATABASE QUERY TYPE”.
  • Provided necessary query to fetch username and password from user table in “DATABASE QUERY”
  • Ex: Select passwd, username from usermstr where userno=?


  • Even if hashing is not used for password, update “SALT COLUMN NAME” and “PASSWORD HASH COLUMN NAME” with column selected from previous query. (These two column can’t be left empty. It must be valid table column)




Now you may use this sql password validator in "HtmlLoginAdapter"

Labels:

Comments

Post a Comment

Popular posts from this blog

How to disable Swagger documentation?

Background   When I was developing foundational RESTful APIs (Web API) for one of our clients, swagger was our choice for documentation. Swagger provides interactive documentation feature with nice UI. Since we were developing only RESTful APIs, QA team members were using Swagger UI to test APIs. Suddenly there was a request from customer to disable swagger in production environment. Solution How to enable swagger? Install "Swashbuckle" nuget package into your WebAPI project.  This installation will add the following entries in "packages.config"   <package id=" Swashbuckle " version="5.5.3" targetFramework="net45" />   <package id=" Swashbuckle.Core " version="5.5.3" targetFramework="net45" /> " SwaggerConfig.cs " file will be added in " App_Start " folder Execute the project code. When the new browser window pops out, add " swagger/ui/...
1 comment
Read more

Unable to get authorization code from PingFederate

Problem I am using PingFederate as key manager for my API Manager. While requesting authorization code for an existing client and resource owner, it was showing the following error message "Server.log" shows the following message 2016-12-13 11:34:03,363 tid:AOf2aORr5j9_X_PHbCTZu-toxwA DEBUG [org.sourceid.websso.servlet.IntegrationControllerServlet] POST: https: <IP> /as/yVKcc/resume/as/authorization.ping 2016-12-13 11:34:03,363 tid:AOf2aORr5j9_X_PHbCTZu-toxwA INFO  [org.sourceid.websso.servlet.IntegrationControllerServlet] org.sourceid.websso.servlet.RenderPageException: Unable to resume processing because saved state was not found for key: BR6msnwXdx33oQX3imDRni_yVKcc - rendering state.not.found.error.page.template.html Background  1. I have following two OAuth clients configured in PingFederate  2. OAuth client "2" was created with the following configuration 3. Using the following url, authorization code was requested  ...
Post a Comment
Read more