I have a project using PingFederate between SharePoint Online and SharePoint on-premises; both authenticate through the same PingFederate server.
The requirement is to build an ASP.NET Core Web API that accepts a request from one of them carrying a user name or token, uses that information to authenticate (or delegate) the user against the other one, fetches permission-trimmed resources for that user, and returns the result to the caller as JSON.
The requirement is the same as in this site using [login to view URL] :
[login to view URL]
but instead of Azure ADFS, the local PingFederate plays the ADFS role in this case.
I have an application in ASP.NET Core and ASP.NET Framework that works in the federation and gets authenticated if I am logged in to one of our SharePoint sites.
So if the federation features can work this way in my scenario, it may help to find the easiest approach for implementation.
I did many trials in ASP.NET Core and in JS, and still have little information about the PingFederate server; it looks like this is the issue preventing me from completing the project.
One of my friends at MS told me to modify [login to view URL] to use it with PingFed by changing the code's configuration to point at PingFederate.
It takes time to understand how PingFederate communicates, such as how to leverage SAML and JWT; I hope your plan takes that into consideration.
So when you get a chance, I would like to see an idea of how to take the token from the 1st SharePoint and use it against the 2nd one to get some resources (both are under one PingFed server). As you know, SharePoint Online needs integration with a local ADFS server, and that already exists: when users try to browse SharePoint Online they are redirected to our PingFed and can open SharePoint after logging in successfully. I can confirm that the user from SharePoint Online is already identified in PingFed when trying to use the other site.
Later I decided to create an ASP.NET Core site (also under PingFed authentication). The 1st SharePoint sends a request to this API such as https://[WebAPI url]/api/control/getInfoFromAnotherSharePoint?User=[my account]&action=func1. The API takes that call and tries to authenticate this user (using the browser token, some reference ID, or anything you suggest). In the end the Web API authenticates the user (or, let's say, delegates that user), then calls the other SharePoint using the user's authentication
against the 2nd REST API, such as [login to view URL], using that token to get the information and send it back to the first caller.
In general this is the same as when users open SharePoint Online: the browser can connect silently to Microsoft Graph and possibly other sites (not in the same domain) without requiring them to log in again. It is the same in this project, but the authentication here is PingFed instead of Azure ADFS.
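The delegation flow described above, as an added example that is not part of the original post and not the poster's or PingFederate's own code: an ASP.NET Core minimal API validates the PingFederate-issued JWT that arrives from the first SharePoint, trades it for a token scoped to the second SharePoint with an OAuth 2.0 Token Exchange (RFC 8693) request to PingFederate, calls the second site's REST API as that user, and returns the JSON. The PingFederate host, client id and secret, audience, second-site URL and the `func1` action mapping are constructed placeholders. It also assumes two things the post does not confirm: that the token-exchange grant is enabled for this client in PingFederate, and that the second SharePoint has been configured to accept PingFederate bearer tokens on its REST API.

```csharp
// Program.cs -- ASP.NET Core (net6.0 or later) minimal API.
// NuGet: Microsoft.AspNetCore.Authentication.JwtBearer
using System.Net.Http.Headers;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;

// Placeholder values (assumptions, not from the original post).
const string PingFedAuthority   = "https://pingfed.example.com";      // PingFederate base URL
const string ApiAudience        = "sharepoint-bridge-api";            // audience of tokens issued for this API
const string ClientId           = "bridge-api-client";                // OAuth client registered for this API
const string ClientSecret       = "<client-secret-from-pingfed>";     // keep in a secret store, not in code
const string SecondSiteResource = "https://sharepoint2.example.com";  // the 2nd SharePoint

var builder = WebApplication.CreateBuilder(args);

// 1. Incoming calls must carry a PingFederate-issued JWT as "Authorization: Bearer ...".
//    The middleware reads the OIDC discovery document under Authority, fetches the
//    JWKS and validates signature, issuer, audience and lifetime.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = PingFedAuthority;
        options.Audience  = ApiAudience;
        options.SaveToken = true;              // lets the handler retrieve the raw token later
    });
builder.Services.AddAuthorization();
builder.Services.AddHttpClient();

// Allowlist of actions the first site may request, mapped to REST paths on the
// second site, so the API cannot be used as an open relay. "func1" is taken from
// the post's sample URL; the path it maps to is a constructed example.
var allowedActions = new Dictionary<string, string>
{
    ["func1"] = "/_api/web/lists?$select=Title",
};

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// 2. The user is taken from the validated token, not from a ?User= query parameter,
//    so a caller cannot request another user's data.
app.MapGet("/api/control/getInfoFromAnotherSharePoint",
    async Task<IResult> (HttpContext ctx, IHttpClientFactory clients, string action) =>
{
    if (!allowedActions.TryGetValue(action, out var restPath))
        return Results.BadRequest("unknown action");

    var incomingToken = await ctx.GetTokenAsync("access_token");
    if (string.IsNullOrEmpty(incomingToken))
        return Results.Unauthorized();

    var http = clients.CreateClient();

    // 3. OAuth 2.0 Token Exchange (RFC 8693): exchange the token issued for this API
    //    for one addressed to the second SharePoint, on behalf of the same user.
    //    /as/token.oauth2 is PingFederate's token endpoint; the grant must be
    //    enabled for this client in PingFederate (assumption).
    var exchange = new FormUrlEncodedContent(new Dictionary<string, string>
    {
        ["grant_type"]         = "urn:ietf:params:oauth:grant-type:token-exchange",
        ["subject_token"]      = incomingToken,
        ["subject_token_type"] = "urn:ietf:params:oauth:token-type:access_token",
        ["resource"]           = SecondSiteResource,
        ["client_id"]          = ClientId,
        ["client_secret"]      = ClientSecret,
    });
    var tokenResp = await http.PostAsync($"{PingFedAuthority}/as/token.oauth2", exchange);
    if (!tokenResp.IsSuccessStatusCode)
        return Results.StatusCode(StatusCodes.Status502BadGateway);

    using var tokenDoc = JsonDocument.Parse(await tokenResp.Content.ReadAsStringAsync());
    var delegatedToken = tokenDoc.RootElement.GetProperty("access_token").GetString();

    // 4. Call the second SharePoint's REST API as the user. SharePoint applies its own
    //    permission trimming, so only items this user may see are returned.
    var req = new HttpRequestMessage(HttpMethod.Get, SecondSiteResource + restPath);
    req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", delegatedToken);
    req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    var siteResp = await http.SendAsync(req);
    if (!siteResp.IsSuccessStatusCode)
        return Results.StatusCode((int)siteResp.StatusCode);

    // 5. Hand the JSON back to the first caller unchanged.
    var body = await siteResp.Content.ReadAsStringAsync();
    return Results.Content(body, "application/json");
}).RequireAuthorization();

app.Run();
```

The two checks that matter for this design are that the incoming token is validated against PingFederate's published keys before anything else happens, and that the identity used downstream comes from that token rather than from the request URL; the exchanged token is short-lived and scoped to one resource, so the API never holds a credential usable anywhere else.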
Experience required (please google them to get more info):
1- PingFed authentication using SAML and JWT, and good knowledge of the Agentless Kit
2- [login to view URL] using the same approach as [login to view URL], but this time with some extra configuration to connect to PingFed, like [login to view URL]