Skip to main content

Integration PingFederate


This document describes the procedure to configure the BlockID Admin Console as a passwordless authentication solution for the PingFederate protected applications. This integration will allow your users to log in to their respective applications using PingFederate leveraging their biometrics. The biometric options include Touch ID / Face ID and LiveID.

Before you Begin

You will need the following resources and privileges to complete this integration:

  1. Admin access to the following:
    • BlockID tenant URL: If your organization is not registered for the BlockID tenant, visit the Sign Up page to set up a free BlockID tenant for your organization. The 1Kosmos representative will create a tenant URL, community, tenant tag, and a license key for your respective organization within the BlockID platform.
  2. Pingconnector package. To obtain the Pingconnector package, please contact your 1Kosmos representative.
  3. Install on your mobile device:


  1. With the above prerequisites, you should now successfully be registered and be able to login to:
    • BlockID tenant. Ensure the email address used to log in to this application is the same as the one used to log in to the PingFederate account.
  2. Copy the file on your PingFederate server.
  3. Installed and registered the BlockID mobile application.

The user needs to install and configure the Ping BlockID connector to enable this integration:

List of Topics:

  1. Install and configure the Ping BlockID connector
  2. Test the PingFederated protected application login

Install the Ping BlockID Connector


The following steps will be performed by your PingFederate administrator.

  1. Shut down the PingFederate server.

  2. Extract the file, copy the “BlockIDAdapter.jar” file, and paste it into the<PINGFEDERATE_HOME>/server/default/deploy directory.

  3. Extract and open the BlockIDSDK.war file.

    • Navigate to WEB-INF\classes\com\onekosmos\ location, open the file and update the following values as per your environment:
    my_public_key=enter your public key
    my_private_key= enter your private key
    tenantTag= enter your tenant tag
    tenantURL= enter your tenant URL
    communityName= enter your community name
    licenseKey= enter your license key
  4. Copy the BlockIDSDK.war file and paste it into the <PINGFEDERATE_HOME>/server/default/deploy directory.

  5. Copy the BlockIDDecrypt.jar, and bcprov-jdk15on-166.jar files and paste them into <PINGFEDERATE_HOME>/server/default/lib directory.

  6. Start the PingFederate server.

  7. Open the default PingFederate login template from the <PINGFEDERATE_HOME>/server/deploy/conf/template directory, and perform the following changes in the html.form.login.template file to embed the BlockID Universal Web Login (UWL) in the login page.

    • Import the following javascript code:
    <script type="text/javascript" src="https:// <pingfedhostname>/BlockIDSDK/js/blockid.js"></script>
    • Add the following code:
    <script type="text/javascript">
    function createSession() {
    createNewSession("Fingerprint", "did,userid", "qrcode",null
    , function(result, error) {client_dataRecieved(result)}
    function client_dataRecieved(result) {
    let str = JSON.stringify(result, null, 4);
    var obj = JSON.parse(str);
    • Add the following form:

      <form id="loginbid" name="loginbid" method="POST" action="https://<pingfedhostname>/idp/">
      <input type="hidden" name="blockidAuthn" id="blockidAuthn" value="true" />
      <input type="hidden" name="payload" id="payload" /> </form>
    • Add the following div code on the page where the QR code needs to be displayed:

      <div id="qrcode" style="z-index: 1;position:relative;margin:10px"></div>
  8. Login to the PingFederate admin console.

  9. Create a BlockID adapter with the following details:

Create Adapter Instance
Instance NameBlockidadapter
Instance IDBlockidadapter
TypeBlockID Adapter v1.0.1
Class Namecom.onekosmos.pingfederate.challengeresponse.ChallengeResponseAdapter
Parent Instance NameNone
IdP Adapter
AdapterThis adapter type has no individually configurable fields.
Extended Contract
Adapter Attributes
Adapter Contract Mapping
Attribute Sources & User Lookup
Data Sources(None)
Adapter Contract Fulfillment
usernameusername (Adapter)
Issuance Criteria
  1. Create a selector with the following details:
Create Authentication Selector Instance
Instance NameBlockIDSelector1
Instance IDBlockIDSelector1
TypeHTTP Request Parameter Authentication Selector
Authentication Selector
HTTP Request Parameter NameblockidAuthn
Case-Sensitive Matchingtrue
Enable 'Any' Result Valuefalse
Enable 'No Match' Result Valuefalse
Enable 'Not in Request' Result Valuetrue
Selector Result Values
  1. Perform the following steps to create the authentication policy:
    • Navigate to *Service Provider > Policy Contracts > Create New Contract*.
    • In the Authentication Policy Contract screen:
      • Name: Enter the appropriate name for the policy.
      • Description: Enter the appropriate description for the policy.
      • Select the Enable option for the policy
      • Click Done
      • Click Save.
  1. Restart the PingFederate server.

Test the PingFederated protected application login

  1. In your browser, open your organization’s PingFederated protected application. The application is displayed with the barcode to be scanned from your BlockID mobile app.
  2. On the BlockID mobile application’s Home screen, click ‘Scan QR’.
  3. Scan the QR code. The confirmation pop-up window is displayed asking to Allow BlockID to access this device’s location?.
  4. In the confirmation pop-up window, select Allow only while using the app. The Authentication screen is displayed with the Please authenticate using <Biometric_option> from 1kosmos message.
  5. Click Authenticate and perform the appropriate authentication method. The pop-up window is displayed with Thank you! You have successfully authenticated to Log In message upon successful authentication.
  6. You will be logged in to your organization's PingFederate protected account.