Ping One Authentication

Content Type: Module
Categories: Authentication

Overview

Authenticate and manage your Mendix application users through Ping One! This module provides an OIDC-based authentication integration to Ping Identity's Ping One Customer Identity Access Management platform (CIAM). Similar in purpose and function to both the OIDC and Mendix-SSO modules, this module differs by being a kick-starter specifically for Ping One & Ping Federation CIAM & Identity Federation integration initiatives, and it is not limited to Mendix Cloud hosting. Documented instructions walk you through setting up identity and application settings in the Ping One Administration Console and the implementation steps in Mendix Studio Pro.

Documentation

Description

Ping One Authentication Module allows your app to become an authentication client of your Ping One CIAM identity platform enterprise. 
Beyond providing SSO sign-on for customer login to your Mendix applications, the Ping One platform offers a wide array of other services geared towards secure, high-quality experiences for customers and enterprise products. User registration, token/login session expiry, outside identity partners, federated logon, per-application 1FA/2FA policy and login branding customization can all be handled in the Ping One console, which simplifies client implementation and moves the burden of maintaining functionality and security to the Ping One service.
 

In addition to enabling your application as a Ping One authentication client, the module serves as a starting point for administering user provisioning, app user account updates and custom auth-data-driven behavior in your application. The module also serves as a basis for customizing authentication processes should you need to host your own login pages, add custom registration, or add another authentication service element that the Ping One platform does not offer or does not cover satisfactorily (e.g. custom login screens, non-Ping onboarding/registration or an information service partner).


Typical usage scenario

Authenticate and authorize users in your Mendix application using Ping One credentials hosted by your identity management provider, Ping One by Ping Identity.

 

Features and limitations

Configure a single active Ping One configuration. Federation and multiple login partners are possible through the Ping One service.
See Ping One Authentication Module PDF documentation for further detail.

 

Dependencies

  • Mendix 8.18.7 + (Mendix 9 compatible)
  • OIDC Module & its dependencies
    • V1.0.0, V2.1.0 and V2.2.0 are supported by way of instructed modifications. These modifications are listed below and are included in the documentation.
    • Use V2.2.0 for new installations of the OIDC module
    • Install all OIDC dependencies per OIDC Module documentation for the selected version. These are the current dependencies (V2.2.0):
      •  Nanoflow Commons, Community Commons, Encryption, Native Mobile Resources
    • Link to the OIDC Module marketplace item is here

 

Installation and Configuration
Click here to download detailed instructions: Ping One Authentication Integration Instructions v1.0 Dated: 9/29/2021

Three main steps are required:

1. Install & Configure Pre-Requisite Marketplace Modules
2. Ping One Console – Provider Configuration
3. Ping One Integration Module – Module Configuration
 

Excerpt from the PDF documentation: 1.3 OIDC Module Modifications

 

  1. Oauth2 script – Change the OIDC module's OIDC.Oauth2 script to target microflow PingOne_Integration.WebCallBack & save the form. Delete the state and code parameters, then re-add them, followed by a second save form action.
     
  2. Delete the OIDC.Token_User association and place a new 1:1 association from the OIDC.Token entity to Administration.Account. Set access for Administrator to full rights: create, delete, and read/write on all members. Allow the user context delete and read rights on members and objects.
     
  3. Exclude the following components from the project:
    1. 1 - Provisioning \ User Provisioning Examples 
      1. "Snip_Configuration"
    2. 2 - Login Flow \ b. Mobile
      1. "Login_Mobile_Automatic"
      2. "Login_Mobile_Button"
    3. 4 - Logout
      1. "ACT_Logout"
    4. Implementation \ 0. Configuration \ Client Config
      1. "DS_ClientConfigHelper_Edit"
      2. "DS_ClientConfigHelper_New"
      3. "OIDC_Client_NewEdit"
      4. "Token_NewEdit"
    5. Implementation \ 1. Start Login \ In App Browser
      1. "OL_RegisterAndStartLogin"
    6. Implementation \ 1. Start Login \ Web View
      1. "ACT_OpenLoginInWebVew"
    7. Implementation \ 1. Start Login
      1. "OL_RegisterDeepLink"
      2. "SUB_RegisterMobileDeeplink"
    8. Implementation \ 2. Callback \ a. Web
      1. "webCallback"
    9. Implementation \ 2. Callback \ b. Mobile \ Helpers
      1. "HandleDeeplink"
      2. "MobileCallback"
      3. "SUB_HandleLoginDeeplink"
    10. Implementation \ 2. Callback \ Shared
      1. "handleAuthorizationCode"
    11. Implementation \ 5. Logout
      1. "SUB_GetLogoutURL"
    12. Implementation \ 6. Utililties
      1. "GetOrCreateToken"
      2. "GetToken"

 

 

Releases

Version: 1.0.0
Framework Version: 8.18.7
Release Notes: Initial release. To be installed and configured with the aid of PDF document "Ping One Authentication Integration Instructions v1.0"