HYPR PingFederate Plugin

The HYPR Intelligent Extension for PingFederate, jointly built by HYPR and ProofID, utilizes PingFederate as an Identity Provider (IdP), which enables users to register devices and authenticate using password or biometric credentials. Within the Intelligent Extension, the HYPR IdP Adapter serves as a platform to register a biometric device after a user has been successfully authenticated via a password credential validator. After registering a device, a user can log in to the specified service provider (SP) using either password or biometric credentials.

System Requirements

The HYPR Intelligent Extension for PingFederate is designed and supported for HYPR Command Center and is compliant with the PingFederate SSO IdP Server. The HYPR Integration Kit is compliant with PingFederate v7.x and later releases. Refer to the PingFederate documentation for the system requirements of the specific PingFederate version that will host the HYPR Intelligent Extension.

The HYPR Intelligent Extension for PingFederate uses information from the PingFederate v8.3.1 Administration Console. Configuration information will vary slightly between versions of PingFederate; however, the HYPR IdP Adapter configuration will be the same.

Contact HYPR support to acquire the HYPR Client SDK (java-client-xxx.jar) JAR files.

Zip Manifest

The distribution ZIP file for the HYPR Intelligent Extension contains the following items:

• /legal – Contains legal documents
  • Legal.pdf – Copyright and license information
  • License_Agreement.pdf – Click-through agreement
• /docs – Contains the documentation needed to set up and use the HYPR IdP Adapter
  • HYPR-Integration-Kit-ReleaseNotes.pdf – Release notes
  • HYPR-Integration-Kit-UserGuide.pdf – This document
• /dist – Contains the libraries needed to implement the HYPR IdP Adapter
  • pf.adapters.hypradapter.jar – HYPR IdP Adapter plug-in for PingFederate
• /dist/conf/language-packs – Contains the language support packs for user interfaces
  • HYPR-messages.properties – English translation for out-of-the-box user templates
  • HYPR-messages_es.properties – Spanish translation for out-of-the-box user templates
• /dist/conf/template – Contains the velocity templates needed for user interfaces
  • hypr.form.login.template.html – Login template
  • hypr.form.register.template.html – Device registration template
• /dist/conf/template/assets/css – Contains the HYPR style sheet for velocity templates
  • hypr.css – HYPR style sheet for velocity templates

Authentication Overview

  1. User attempts to access a protected web resource.
  2. User is redirected to PingFederate to authenticate.
  3. User enters a username on the PingFederate login page.
  4. HYPR IdP Adapter initiates authentication with the HYPR server.
  5. User uses biometric authentication to verify identity.
  6. HYPR mobile application sends authentication success response to server.
  7. HYPR server sends authentication success to PingFederate.
  8. PingFederate creates user login session.
  9. User is redirected to the protected web resource.

Installation and Setup

Integrating the HYPR IdP Adapter into a PingFederate server involves the following steps:
• Installing the HYPR IdP Adapter libraries, language packs, and templates onto a PingFederate server
• Configuring the HYPR IdP Adapter based on a specific use case

Installing the HYPR IdP Adapter

Perform the following steps to install the HYPR IdP Adapter:

  1. Log in as an administrator to the PingFederate server.

  2. Stop the PingFederate server if it is running.

  3. From the integration kit dist directory, copy the jar files and paste them into the specified PingFederate directory. Also copy the HYPR Client SDK JAR files to the same directory.
    <PF-install>/server/default/deploy/pf.adapters.hypradapter.jar
    <PF-install>/server/default/deploy/java-client-xxx.jar

  4. From the integration kit dist directory, copy the configuration files for language packs and templates, and paste them into the specified PingFederate directory. These files do not replace existing PingFederate configuration files; rather, they are used in addition to existing configuration files.
    <PF-install>/server/default/conf/language-packs/HYPR-messages.properties
    <PF-install>/server/default/conf/template/hypr.form.login.template.html
    <PF-install>/server/default/conf/template/hypr.form.register.template.html
    <PF-install>/server/default/conf/template/assets/css/hypr.css

  5. Start the PingFederate server.
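
A post-install check for the files copied in steps 3 and 4, as an added example that is not part of the HYPR integration kit. It assumes a POSIX shell on the PingFederate host; the function names are hypothetical, the argument stands for `<PF-install>`, and the group/world-writable test is an added hardening check, since anything in the deploy directory is loaded by the server.

```shell
#!/bin/sh
# Added example: verify the files from installation steps 3 and 4.

# check_one FILE: report a missing or group/world-writable file.
check_one() {
    if [ ! -f "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    # -perm -020 is group-writable, -perm -002 is world-writable.
    if [ -n "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE $1"
        return 1
    fi
    return 0
}

# check_hypr_install PF_HOME: PF_HOME stands for <PF-install> (assumption).
# Returns 0 only if every expected file is present and tightly permissioned.
check_hypr_install() {
    base="$1/server/default"
    rc=0
    for rel in \
        deploy/pf.adapters.hypradapter.jar \
        conf/language-packs/HYPR-messages.properties \
        conf/template/hypr.form.login.template.html \
        conf/template/hypr.form.register.template.html \
        conf/template/assets/css/hypr.css
    do
        check_one "$base/$rel" || rc=1
    done
    # The SDK JAR name carries a version (java-client-xxx.jar): match by pattern.
    found=0
    for jar in "$base"/deploy/java-client-*.jar; do
        [ -f "$jar" ] || continue
        found=1
        check_one "$jar" || rc=1
    done
    if [ "$found" -eq 0 ]; then
        echo "MISSING  $base/deploy/java-client-*.jar"
        rc=1
    fi
    return "$rc"
}

# Run directly as: sh check_hypr_install.sh /path/to/pingfederate
if [ "$#" -gt 0 ]; then
    check_hypr_install "$1"
fi
```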

Configuring the HYPR IdP Adapter

Perform the following steps to configure PingFederate with the HYPR IdP Adapter:

  1. Open a web browser and log in to the PingFederate Administration Console.
  2. In the console main menu, select IdP Configuration, then Adapters.
  3. On the Manage IdP Adapter Instances screen, click Create New Instance.
  4. On the Type screen, enter the following values:
    • Instance Name: Choose any name for identifying the adapter instance
    • Instance ID: Internal PingFederate ID that cannot contain spaces or non-alphanumeric characters
    • Type: HYPR Adapter 1.0
  5. At the bottom of the Type screen, click Next.
  6. On the IdP Adapter screen, click Add a new row to ‘Password Credential Validators’.
  7. Select a password credential validator instance.
  8. Click Update.

For more information about IdP adapters or how to set up a password credential validator, see the PingFederate Administrator’s Manual:
http://documentation.pingidentity.com/display/PF/Administrator's+Manual

  9. On the IdP Adapter screen:
    • Add a new row to ‘Common Names for SP Entity IDs’
    • Select an SP entity ID
    • Provide an Application Name
    • Click Update

For information about how to set up an SP connection, see the PingFederate Administrator’s Manual:
http://documentation.pingidentity.com/display/PF/Administrator's+Manual

  10. On the IdP Adapter screen, provide entries for each of the fields shown in the table below.

| Field Name | Description |
| --- | --- |
| HYPR Base URL | The base URL for the HYPR API. |
| Application ID | The ID used to identify this application to the HYPR API. |
| Application Name | The name of the application. |
| HYPR Application Key (Long) Provided By HYPR | The application key located on the HYPR Dashboard under Keys. |
| HYPR Application Secret Key | The HYPR application secret key located on the HYPR Dashboard. |
| Username Cookie Duration | The number of days the username cookie will remain active. A negative value indicates that the cookie will persist until the browser is shut down. |
| User ID Field Name | The field name for the user ID that is returned from the preceding IdP adapter in a Composite Adapter that is used for user authentication. Examples include ‘username’ from an HTML Form Adapter or ‘subject’ from an OpenToken Adapter. |
| HYPR Login Template | The HTML template (in <PF-install>/server/default/conf/template) to render for a login. |
| HYPR Registration Template | The HTML template (in <PF-install>/server/default/conf/template) to render for device registration. |
| Adapter Integration Error Template | The HTML template (in <PF-install>/server/default/conf/template) to render when an integration error occurs within the adapter. The default value of general.error.page.template.html is the PingFederate error template. |

  11. At the bottom of the IdP Adapter screen, click Next.
  12. On the Extended Contract screen, add any desired contract extensions, then click Next.
  13. On the Adapter Attributes screen, select username as the Pseudonym, then click Next.
  14. On the Adapter Contract Mapping screen, configure any desired adapter contracts, then click Next.
  15. On the Summary screen, verify that the information is correct, then click Done.
  16. On the Manage IdP Adapter Instances screen, click Save to complete the adapter configuration.