Provides a mechanism to intercept a simple BIND and use PingID for MFA.
To use this plugin, it is strongly advised to always create a request criteria first, to ensure that PingID does not apply blindly to all BIND requests.
To do so, here is a simple example:
dsconfig create-request-criteria \
  --criteria-name simple_PingID_request_criteria \
  --type simple \
  --set operation-type:bind \
  --set operation-origin:external-request \
  --set included-target-entry-dn:ou=people,dc=example,dc=com
Once the request criteria has been created, you can create the plugin like so:
dsconfig create-plugin \
  --plugin-name PingID-on-simple-bind \
  --type third-party \
  --set enabled:false \
  --set plugin-type:preparsebind \
  --set extension-class:com.pingidentity.ds.plugin.PingIDOnSimpleBind \
  --set extension-argument:pingid-properties-file=/opt/in/pingid.properties \
  --set request-criteria:simple_PingID_request_criteria
Allowed Arguments
| Argument Name | Description | Data Type | Is Required | Maximum Occurrences |
|---|---|---|---|---|
| totp-length | TOTP code length (Default: 6) | Integer | false | 1 |
| totp-is-last | Indicates that the TOTP code should be appended after the password | Boolean | false | 1 |
| totp-enabled | Indicates that PingID TOTP code is enabled | Boolean | false | 1 |
| push-enabled | Indicates that the PingID push is enabled | Boolean | false | 1 |
| separator | The separator between the password to use for simple BIND authentication and the PingID marker (Default: ,) | String | false | 1 |
| result-code | The result code to return to the client upon failure (Default: 49) | Integer | false | 1 |
| result-message | The result message to return to the client upon failure (Default: Invalid authentication request for PingID MFA) | String | false | 1 |
| push-marker | The marker to use to indicate to the plugin to initiate a push notification (Default: push) | String | false | 1 |
| pingid-properties-file | Path to the properties file containing the PingID connection settings | File Path | true | 1 |
| app-name | The application name (Default: ldap) | String | false | 1 |
| auth-type | The type of online authentication (Default: CONFIRM) | String | false | 1 |
| pingid-username-attribute | The attribute to look up in the user entry after successful simple BIND to get the PingID user name (Default: mail) | String | false | 1 |
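The following Python pre-flight check is an added example, not part of the plugin or its documentation. It validates a set of extension-argument values against the table above, refuses a configuration without a request criteria, and renders the create-plugin command shown earlier. The function names `lint` and `render` are hypothetical, and accepting only `true`/`false` for Boolean arguments is an assumption that may be stricter than the server.

```python
import shlex

# Argument names and data types copied from the "Allowed Arguments" table.
ALLOWED = {
    "totp-length": int, "totp-is-last": bool, "totp-enabled": bool,
    "push-enabled": bool, "separator": str, "result-code": int,
    "result-message": str, "push-marker": str, "pingid-properties-file": str,
    "app-name": str, "auth-type": str, "pingid-username-attribute": str,
}
REQUIRED = {"pingid-properties-file"}  # the only argument with "Is Required: true"


def lint(extension_args, request_criteria):
    """Return a list of problems; extension_args is a list of 'name=value' strings."""
    problems, seen = [], set()
    for arg in extension_args:
        name, sep, value = arg.partition("=")
        if not sep or name not in ALLOWED:
            problems.append(f"unknown or malformed argument: {arg}")
            continue
        if name in seen:  # every argument has Maximum Occurrences 1
            problems.append(f"{name} given more than once")
        seen.add(name)
        kind = ALLOWED[name]
        if kind is int and not (value.isascii() and value.isdigit()):
            problems.append(f"{name} must be an integer, got {value!r}")
        elif kind is bool and value not in ("true", "false"):  # assumption: strict
            problems.append(f"{name} must be true or false, got {value!r}")
    problems += [f"missing required argument: {n}" for n in sorted(REQUIRED - seen)]
    if not request_criteria:  # the page's advice: never apply PingID to all BINDs
        problems.append("no request-criteria: PingID would apply to every BIND request")
    return problems


def render(plugin_name, extension_args, request_criteria):
    """Build the dsconfig create-plugin command, refusing input that fails lint()."""
    problems = lint(extension_args, request_criteria)
    if problems:
        raise ValueError("; ".join(problems))
    parts = ["dsconfig", "create-plugin", "--plugin-name", plugin_name,
             "--type", "third-party", "--set", "enabled:false",
             "--set", "plugin-type:preparsebind", "--set",
             "extension-class:com.pingidentity.ds.plugin.PingIDOnSimpleBind"]
    for arg in extension_args:
        parts += ["--set", f"extension-argument:{arg}"]
    parts += ["--set", f"request-criteria:{request_criteria}"]
    return " ".join(shlex.quote(p) for p in parts)  # quote values containing spaces
```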