cis14: early peek at pingfederate administrative rest api

PINGFEDERATE ADMINISTRATIVE APIS Scott Tomilson – Technical Product Manager John DaSilva – Technical Training

Confidential — do not distribute

PingFederate Overview

PingFederate – Some History …

Administration

Administration

Administration

API Interfaces

•  Integration Kits –  OpenToken (Java / .NET), Agentless (REST API)

•  PingFederate SDK –  Custom Adapters, Data Sources, PCVs, etc.

•  SSO Directory Service •  Connection Management Service • OAuth Client Management Service • copyconfig Services

Administration

Integration

PingFederate Administrative APIs

APIs

Self-Service

Common Admin

Config Scaling

Config Mgmt

Focus Areas •  Self-Service – provide

partners and developers with tools to administer themselves

•  Common Admin – to support PingAccess and other add-on components

•  Config Scaling – to enable deployments into the 1,000's of connections

•  Config Management – to improve migration as well as auto-administer connections

PingFederate Administrative API’s

•  REST-based API’s •  Flexible Authentication Options •  Centralized Authorization Model

–  Based on existing delegated admin model, with planned future expansions

•  Validation and Error Handling model comparable to Admin UI •  API audit trail •  Consistent API modeling across all Ping Products

Interactive API Documentation

Interactive API Documentation

Interactive API Documentation

Interactive API Documentation

Platform Centric

PingAccess PingFederate

Platform Centric

PingAccess PingFederate

How we’re using APIs at Ping …

Confidential — do not distribute

DEMO

Copyright © 2014 Ping Identity Corp. All rights reserved. 17

Q4 ‘13 / Q1 ‘14 Q2 ‘14 2H 2014 2015

Interactive API Documentation

Auditing

Authentication Basic Auth

IdP Connections SAML 2.0 Browser SSO

Certificate Management Signing Key Pairs

Server Settings Role Management

Federation Info

OAuth AS Settings

Adapter Mapping AT Mapping

Client Management OpenID Connect Policies

Clustering Status

Replication

Initial Public Release OAuth

AT Management Plugins

Adapters IdP / SP Adapters

Adapter Hierarchies

Configuration Archive Import / Export

IdP Connections Metadata Export

Certificate Management HTTPS Certificates

Trusted CA Certificates

Data Sources LDAP JDBC

Custom

Password Credential Validators

OAuth RO Grant Type Mapping

Authentication OAuth

Mutual TLS

IdP Connections Full Profiles & Protocols

SP Connections

Kerberos Realms

Server Settings

Licensing

Delegated Auth Fine-grained Entitlements

Future Releases

PingFederate API Roadmap

Delivered Designing Planning Legend:

7.2 R2 / 7.3 7.2 7.1 R2 / R3

What can you build today?

• Service Providers: – Self-Service SSO-enablement portal for IdPs (SAML 2)

– Custom certificate notification framework

• OAuth – Self-Service app registration (client, URLs, scopes) for

OAuth clients and OpenID Connect Relying Parties

THANK YOU!

Scott Tomilson – stomilson@pingidentity.com John DaSilva – jdasilva@pingidentity.com