cis14: early peek at pingfederate administrative rest api
DESCRIPTION
John DaSilva, Ping Identity Scott Tomilson, Ping Identity Demonstration of the REST API for automating PingFederate configuration tasks, providing a close-up look at what is there now and maybe even a peek into what is comingTRANSCRIPT
PINGFEDERATE ADMINISTRATIVE APIS Scott Tomilson – Technical Product Manager John DaSilva – Technical Training
Confidential — do not distribute
PingFederate Overview
PingFederate – Some History …
Administration
Administration
Administration
API Interfaces
• Integration Kits – OpenToken (Java / .NET), Agentless (REST API)
• PingFederate SDK – Custom Adapters, Data Sources, PCVs, etc.
• SSO Directory Service • Connection Management Service • OAuth Client Management Service • copyconfig Services
Administration
Integration
PingFederate Administrative APIs
APIs
Self-Service
Common Admin
Config Scaling
Config Mgmt
Focus Areas • Self-Service – provide
partners and developers with tools to administer themselves
• Common Admin – to support PingAccess and other add-on components
• Config Scaling – to enable deployments into the 1,000's of connections
• Config Management – to improve migration as well as auto-administer connections
PingFederate Administrative API’s
• REST-based API’s • Flexible Authentication Options • Centralized Authorization Model
– Based on existing delegated admin model, with planned future expansions
• Validation and Error Handling model comparable to Admin UI • API audit trail • Consistent API modeling across all Ping Products
Interactive API Documentation
Interactive API Documentation
Interactive API Documentation
Interactive API Documentation
Platform Centric
PingAccess PingFederate
Platform Centric
PingAccess PingFederate
How we’re using APIs at Ping …
Confidential — do not distribute
DEMO
Copyright © 2014 Ping Identity Corp. All rights reserved. 17
Q4 ‘13 / Q1 ‘14 Q2 ‘14 2H 2014 2015
Interactive API Documentation
Auditing
Authentication Basic Auth
IdP Connections SAML 2.0 Browser SSO
Certificate Management Signing Key Pairs
Server Settings Role Management
Federation Info
OAuth AS Settings
Adapter Mapping AT Mapping
Client Management OpenID Connect Policies
Clustering Status
Replication
Initial Public Release OAuth
AT Management Plugins
Adapters IdP / SP Adapters
Adapter Hierarchies
Configuration Archive Import / Export
IdP Connections Metadata Export
Certificate Management HTTPS Certificates
Trusted CA Certificates
Data Sources LDAP JDBC
Custom
Password Credential Validators
OAuth RO Grant Type Mapping
Authentication OAuth
Mutual TLS
IdP Connections Full Profiles & Protocols
SP Connections
Kerberos Realms
Server Settings
Licensing
Delegated Auth Fine-grained Entitlements
Future Releases
PingFederate API Roadmap
Delivered Designing Planning Legend:
7.2 R2 / 7.3 7.2 7.1 R2 / R3
What can you build today?
• Service Providers: – Self-Service SSO-enablement portal for IdPs (SAML 2)
– Custom certificate notification framework
• OAuth – Self-Service app registration (client, URLs, scopes) for
OAuth clients and OpenID Connect Relying Parties
THANK YOU!
Scott Tomilson – [email protected] John DaSilva – [email protected]