Symantec VIP Integration Kit

Symantec VIP IdP adapter settings reference

The following tables show field descriptions for the Symantec VIP Adapter configuration page.

Standard fields
Field Description

Client Certificate

Select the VIP Manager certificate that you downloaded and imported into PingFederate.

VIP Configuration Type

Selection options are:

Pilot

The adapter tests the connection to the VIP application programming interface (API), which is used to verify user-token authentication.

Production

The adapter runs as normal.

The standard one-time passcode (OTP) security-code generators for VIP are usable only for production. They don’t provide valid codes for a pilot configuration. Instead, you must obtain the VIP Test Drive OTP generator for pilot testing.

If you have a specific URL to use for the API, enter it in the Advanced Fields section.

Advanced fields
Field Description

Default Authentication Method

Determines whether the adapter defaults to push, SMS, or voice, or prompts the user to select an authentication method for the current session. The selection options are:

None (default)

The adapter prompts the user to choose an authentication method or enter a Symantec VIP security code. This is the default selection.

Security Code

The adapter prompts the user to enter a Symantec VIP security code.

Push Notification

The adapter sends a push notification to the Symantec VIP app on the user’s mobile device.

SMS and Voice Call

The adapter sends a text or voice authentication message to the user’s phone number.

Email

The adapter sends a security code to the user’s email address.

If the default method isn’t valid for a user, the adapter prompts the user to select another authentication method.

Override Default Authentication Method

When enabled, the adapter checks the Security Code Attribute Name defined in the following row.

  • If the user has a security code in the data store, the adapter passes it to Symantec VIP, allowing the user to skip any prompts.

  • If the user does not have a security code in the data store, the adapter falls back to the default authentication method.

Security Code Attribute Name

The name of the attribute in your data store that contains a user’s Symantec VIP security code.

The adapter checks this attribute when Override Default Authentication Method is enabled.

Create User

Select this checkbox to automatically create a new user in Symantec VIP if the user doesn’t already exist.

The adapter uses the incoming User ID value as the user ID for the new account.

This checkbox is cleared by default.

Suppress Add Credential

When selected, users aren’t shown the interface to register new credentials, such as phone numbers or email addresses.

If you are using this adapter instance in a password reset flow, select this checkbox. This prevents users from bypassing authentication by adding credentials during the password reset flow.

Enable Adding SMS Credential

Select this checkbox to allow users to add SMS credentials.

This checkbox is cleared by default.

Enable Adding Voice Credential

Select this checkbox to allow users to add Voice Call credentials.

This checkbox is cleared by default.

Enable Adding Email Credential

Select this checkbox to allow users to add Email credentials.

This checkbox is cleared by default.

Enable Number Matching in Push Notifications

Select this checkbox to allow users to enter a number to match the number displayed in the push notification.

This checkbox is cleared by default.

Visible Leading Characters Length

The number of leading characters to display in the credential ID.

The default value is 3.

Visible Trailing Characters Length

The number of trailing characters to display in the credential ID.

The default value is 3.

Push Request Timeout

The timeout for push requests, in seconds.

The default value is 60.

Challenge Retries

The maximum number of times that a user can try to authenticate before authentication fails.

API URL Override

Overrides the API URL defined by the selected VIP Configuration Type.

Use a URL override to connect to the API service if you have a non-standard pilot or production instance of Symantec VIP.

By default, the adapter uses the following URL for a production configuration: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_6

Management API URL Override

Overrides the Management API URL defined by the selected VIP Configuration Type.

Use a URL override to connect to the Management API service if you have a non-standard pilot or production instance of Symantec VIP.

By default, the adapter uses the following URL for a production configuration: https://userservices-auth.vip.symantec.com/vipuserservices/ManagementService_1_6

Query API URL Override

Overrides the Query API URL defined by the selected VIP Configuration Type.

Use a URL override to connect to the Query API service if you have a non-standard pilot or production instance of Symantec VIP.

By default, the adapter uses the following URL for a production configuration: https://userservices-auth.vip.symantec.com/vipuserservices/QueryService_1_6

VIP API URL Override

Overrides the VIP API URL defined by the selected VIP Configuration Type.

Use a URL override to connect to the VIP API service if you have a non-standard pilot or production instance of Symantec VIP.

By default, the adapter uses the following URL for a production configuration: https://services-auth.vip.symantec.com/mgmt/soap

HTML Template Prefix

Identifies the set of HTML templates the adapter uses during authentication. You can find a description of the template files in Download manifest.

If you customize the file names of the templates in the /server/default/conf/template directory, enter the new prefix in this field.

The default value is vip.
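
The following Python check is an added example, not part of the Symantec VIP Integration Kit or PingFederate. It reviews an adapter instance against points from the tables above: a Pilot configuration type, Suppress Add Credential in a password reset flow, and URL overrides that are not HTTPS or that leave the default production hosts listed on this page. It assumes the settings were exported as a dictionary keyed by the field labels on this page, with checkboxes as "true"/"false" strings; review_vip_adapter, approved_hosts, and the sample values are hypothetical.

```python
from urllib.parse import urlsplit

# Hosts of the default production URLs listed on this page.
DEFAULT_HOSTS = {"userservices-auth.vip.symantec.com", "services-auth.vip.symantec.com"}
URL_FIELDS = ("API URL Override", "Management API URL Override",
              "Query API URL Override", "VIP API URL Override")


def is_checked(settings, field):
    # Assumption: checkboxes are exported as the strings "true"/"false".
    return str(settings.get(field, "false")).strip().lower() == "true"


def review_vip_adapter(settings, used_in_password_reset=False, approved_hosts=()):
    """Return (field, finding) pairs for settings that need a second look."""
    findings = []
    allowed = DEFAULT_HOSTS | set(approved_hosts)

    # Page guidance: select Suppress Add Credential in a password reset flow.
    if used_in_password_reset and not is_checked(settings, "Suppress Add Credential"):
        findings.append(("Suppress Add Credential", "cleared in a password reset flow"))

    # Standard OTP generators do not give valid codes for a pilot configuration.
    if settings.get("VIP Configuration Type", "").strip().lower() == "pilot":
        findings.append(("VIP Configuration Type", "Pilot is selected"))

    # An override replaces the endpoint the adapter calls for this API.
    for field in URL_FIELDS:
        value = (settings.get(field) or "").strip()
        if not value:
            continue  # empty: the default for the configuration type applies
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append((field, "override is not an https URL"))
        elif url.hostname not in allowed:
            findings.append((field, f"override host {url.hostname} is not approved"))
    return findings


# Constructed sample export, not taken from a real deployment.
SAMPLE = {
    "VIP Configuration Type": "Production",
    "Suppress Add Credential": "false",
    "API URL Override": "http://vip-proxy.example.internal/vipuserservices/AuthenticationService_1_6",
    "Query API URL Override": "https://userservices-auth.vip.symantec.com/vipuserservices/QueryService_1_6",
}

if __name__ == "__main__":
    for field, finding in review_vip_adapter(SAMPLE, used_in_password_reset=True):
        print(f"{field}: {finding}")
```

Pass the hosts of any non-standard Symantec VIP instance you operate in approved_hosts so that only unexpected overrides are reported.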

Contract attributes

The adapter contract returns the following attributes when you make a call to it:

Attribute Description

subject (core attribute)

Specifies the username obtained by the first-factor adapter.

credential_id (non-core attribute)

Specifies the credential ID used to sign on to Symantec VIP.

credential_type (non-core attribute)

Specifies the type of credential used to sign on to Symantec VIP.