feat(pingidentity): add PingFederate auth provider#8979
Open
JessicaJHee wants to merge 1 commit into
Open
Conversation
JessicaJHee
requested review from
a team,
AndrienkoAleksandr,
PatAKnight,
djanickova,
dzemanov and
lholmquist
as code owners
Contributor
Changed Packages
|
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new PingFederate OIDC auth backend module under the pingidentity workspace, including PingFederate-specific sign-in resolvers (LDAP UUID and Ping Identity user ID) and accompanying configuration + tests. It also updates PingIdentity catalog module wording to explicitly describe PingOne ingestion and updates the workspace lockfile for the new package.
Changes:
- Introduces
@backstage-community/plugin-auth-backend-module-pingfederate-providerwith authenticator, backend module registration, and PingFederate-specific sign-in resolvers. - Adds test coverage for the authenticator and module wiring using MSW +
startTestBackend. - Updates PingIdentity catalog module docs/metadata to refer to PingOne and clarifies ingestion purpose; updates
yarn.lockaccordingly.
Reviewed changes
Copilot reviewed 15 out of 18 changed files in this pull request and generated 13 comments.
Show a summary per file
| File | Description |
|---|---|
| workspaces/pingidentity/yarn.lock | Adds the new workspace package and updates dependency resolutions/versions. |
| workspaces/pingidentity/plugins/catalog-backend-module-pingidentity/README.md | Renames/clarifies documentation to describe PingOne ingestion. |
| workspaces/pingidentity/plugins/catalog-backend-module-pingidentity/package.json | Updates description to reflect PingOne/Ping Identity cloud ingestion. |
| workspaces/pingidentity/plugins/catalog-backend-module-pingidentity/config.d.ts | Improves config documentation for PingOne ingestion configuration. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/src/resolvers.ts | Adds PingFederate-specific sign-in resolvers (LDAP UUID + Ping Identity user ID). |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/src/module.ts | Registers the PingFederate provider module with the auth backend. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/src/module.test.ts | Adds integration-style module test using startTestBackend + MSW. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/src/index.ts | Exposes authenticator/module/resolvers as the package public API. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/src/authenticator.ts | Implements PingFederate OIDC authenticator (start/authenticate/refresh/logout). |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/src/authenticator.test.ts | Adds unit tests for the authenticator flows. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/report.api.md | API Extractor output for the new package. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/README.md | Usage, installation, and configuration documentation for the new provider. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/package.json | Defines the new package metadata and dependencies. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/knip-report.md | Adds a knip report placeholder for the package. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/dev/index.ts | Dev harness to run the module with a backend instance. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/config.d.ts | Config schema typings for PingFederate provider configuration. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/catalog-info.yaml | Catalog metadata for the new module package. |
| workspaces/pingidentity/plugins/auth-backend-module-pingfederate-provider/.eslintrc.js | ESLint config for the new package. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JessicaJHee
force-pushed
the
pingfederate-auth
branch
from
ac4c818 to
3c59f34
Compare
JessicaJHee
force-pushed
the
pingfederate-auth
branch
from
3c59f34 to
acae11f
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 15 out of 18 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JessicaJHee
force-pushed
the
pingfederate-auth
branch
from
acae11f to
e46273b
Compare
JessicaJHee
force-pushed
the
pingfederate-auth
branch
from
e46273b to
94b7747
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 15 out of 18 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JessicaJHee
force-pushed
the
pingfederate-auth
branch
from
94b7747 to
67a1e18
Compare
JessicaJHee
force-pushed
the
pingfederate-auth
branch
from
67a1e18 to
3ba1fe9
Compare
PatAKnight
reviewed
May 11, 2026
Contributor
PatAKnight
left a comment
PatAKnight
left a comment
There was a problem hiding this comment.
Couple of comments, seems like you also have a few GitHub copilot suggestions as well.
| } | ||
| >; | ||
| }; | ||
| sessionDuration?: HumanDuration | string; |
Contributor
There was a problem hiding this comment.
Is this being used? I don't see it anywhere at the moment.
Contributor
Author
There was a problem hiding this comment.
This config is handled here for all auth providers
| @@ -1,15 +1,15 @@ | |||
| # Ping Identity Backend Plugin for Backstage | |||
| # PingOne Backend Plugin for Backstage | |||
Contributor
There was a problem hiding this comment.
I see that we are updating the naming from "Ping Identity" to "Ping One", is this necessary? I worry that it could cause some confusion since the plugin is still named "pingidentity"
Contributor
Author
There was a problem hiding this comment.
I wanted to clarify that the catalog provider currently only works with PingIdentity's cloud offering PingOne. I was looking into changing the plugin name but maybe in the future we will add more support for other PingIdentity products for org data ingestion. WDYT?
Signed-off-by: Jessica He <jhe@redhat.com>
JessicaJHee
force-pushed
the
pingfederate-auth
branch
from
3ba1fe9 to
db04f41
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hey, I just made a Pull Request!
Adds a new authentication module for PingFederate integration with PingFederate-specific sign-in resolvers and configs
New sign-in resolvers:
ldapUuidMatchingAnnotation- Matches LDAP UUID claim tobackstage.io/ldap-uuidannotationldap_uuid)subClaimMatchingPingIdentityUserId- Matchessubclaim topingidentity.org/idannotation✔️ Checklist
Signed-off-byline in the message. (more info)