PingOne Advanced Identity Cloud

SP adapter scripting API

The SP adapter script is a legacy script and therefore has access to all the legacy common bindings in addition to those described here.
Binding Description

authnRequest

The original authentication request sent from the SP.

Only available to single sign-on functions.

Refer to AuthnRequest.

binding

The binding used for the name identifier request: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect or urn:oasis:names:tc:SAML:2.0:bindings:SOAP

Not available to single sign-on functions.

failureCode

The failure code associated with the error that has occurred.

Possible values
Constant Value

SUCCESS

0

INVALID_RESPONSE

1

FEDERATION_FAILED_WRITING_ACCOUNT_INFO

3

SSO_FAILED_SESSION_ERROR

4

SSO_FAILED_ATTRIBUTE_MAPPING

5

SSO_FAILED_NO_USER_MAPPING

6

SSO_FAILED_AUTH_USER_INACTIVE

7

SSO_FAILED_AUTH_USER_LOCKED

8

SSO_FAILED_AUTH_ACCOUNT_EXPIRED

9

SSO_FAILED_SESSION_GENERATION

10

SSO_FAILED_META_DATA_ERROR

11

Only available to preSendFailureResponse.

hostedEntityId

The entity ID for the hosted SP.

idpEntityID

The entity ID for the IdP that sends the sign-on request.

idRequest

The ManageNameIDRequest object for the name identifier request.

Only available to postNewNameIDSuccess and postTerminateNameIDSuccess.

idResponse

The ManageNameIDResponse object for the name identifier request.

Only available to postNewNameIDSuccess and postTerminateNameIDSuccess.

isFederation

A boolean indicating whether federation is true if using federation, otherwise false.

Only available to the postSingleSignOnSuccess function.

logoutRequest

The single logout LogoutRequest.

Only available to preSingleLogoutProcess and postSingleLogoutProcess.

logoutResponse

The single logout LogoutResponse.

Only available to preSingleLogoutProcess and postSingleLogoutProcess.

out

The PrintWriter for writing to.

Only available to postSingleSignOnSuccess.

profile

The protocol profile used: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact or urn:oasis:names:tc:SAML:2.0:bindings:PAOS.

Available to preSingleSignOnProcess, postSingleSignOnSuccess, and postSingleSignOnFailure.

request

The HttpServletRequest object.

Always present.

response

The HttpServletResponse object.

Always present.

session

Contains a representation of the user’s single sign-on session object.

Refer to the SSOToken interface for information about SSO token and authentication information, as well as session-related properties.

Only available to postSingleSignOnSuccess.

spAdapterScriptHelper

The SpAdapterScriptHelper object contains supporting methods that provide context information when customizing the SP adapter extension points.

Always present.

ssoResponse

The SSO Response received from the Identity Provider.

Available to preSingleSignOnProcess, postSingleSignOnSuccess, and postSingleSignOnFailure.

userId

The unique universal ID of the user associated with the request.

Not available to single sign-on functions.

Copyright © 2010-2024 ForgeRock, all rights reserved.