How to let ForgeRock IDC act as an authentication request forwarder to Ping

Hi All,

There is a scenario where an application (SAML application) is integrated with FR IDC, where we want the user of the application to get authenticated from Ping. Now the journey will be like this: the user will go to the application, where they will be redirected to FR, and FR will forward the authentication request to PING directly; PING will then authenticate the user and pass back the access to FR, then FR will pass the access to the user to use the application.
Here in this scenario the application is the SP, FR is just a request forwarder, and Ping will be the IDP. Now the challenge is how FR IDC will forward the incoming request from the user to access the application directly to Ping.
Can you please help me to understand some workaround that we can apply and test?

Hi @tanay.sinha11

This sounds like an IDP proxy scenario, wherein you would configure FR IDC as both an SP and an IDP (i.e. an IDP Proxy) with the appropriate relationships between your Application and FR (Application SP → FR as IDP) as well as between FR and Ping (FR as SP → Ping as IDP).

While I'm not sure there is a KB article that is specific to IDC, this article should give you a high-level idea of how this works:
https://backstage.forgerock.com/knowledge/kb/article/a59184062

Thanks @mwtech