Ping federate
Discover step-by-step instructions on configuring a connection with Ping federate. Learn how to integrate your application with Ping federate for secure and streamlined SSO authentication.
How to start
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588468/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.23.20_uyaebm.png)
- Log into your PingFederate admin tool
- Open "SP Connections"
- Click on "Create Connection"
Declare an application
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588468/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.23.32_sbq8ea.png)
- Select "DO NOT USE A TEMPLATE FOR THIS CONNECTION" on screen and click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588468/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.23.49_djp0j1.png)
- Select "BROWSER SSO PROFILES"
- Choose "SAML 2.0" and click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588468/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.24.31_icd3cl.png)
- Choose "NONE" and click "Next"
SAML configuration
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.28.16_dx3p7o.png)
- In "Partner Entity ID" type the Entity ID you got from Cryptr
- In "Connection name" type the Connection name put also "Entity ID"
- Click "Next" and in the screen that appears click on "Configure Browser"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638202520/PingFederate%20Configuration/ping_federate_001_k9o67i.png)
- Check ONLY "SP-INITIATED SSO" and "SP-INITIATED SLO" then click "Next"
- 💡 Keep "Assertion Lifetime" form values as default.
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588468/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.29.28_aupnuz.png)
- Click on "Configure Assertion Creation"
- Select "STANDARD" on the new screen and click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.30.45_rwrypc.png)
- Select "urn:oasis:names:tc:SAML:2-0:nameid-format:entity" for SAML_SUBJECT
- Extend the contract
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531741/PingFederate%20Configuration/01082024/configure_saml_i8sqml.png)
- "idp_user_id" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- "email" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531741/PingFederate%20Configuration/01082024/configure_saml_i8sqml.png)
- "given_name" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- "family_name" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- Click "Next"
Attributes Mapping
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.39.19_ag4hub.png)
- Click on "Map new Authentication Policy"
- Click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.44.27_rkt3q7.png)
- Select "simplecontract" on the screen
- Click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_06.44.27_rkt3q7.png)
- Select "USE ONLY THE AUTHENTICATION POLICY CONTRACT VALUES IN THE SAML ASSERTION" on the new screen
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531920/PingFederate%20Configuration/01082024/attributes_mapping_gsdecb.png)
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531920/PingFederate%20Configuration/01082024/attributes_mapping_gsdecb.png)
Attributes Contract Fulfillment
For "idp_user_id" Choose "Authentication Policy Contract" as "Source" and "User ID" for "Value"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531920/PingFederate%20Configuration/01082024/attributes_mapping_gsdecb.png)
- For "email" Choose "Authentication Policy Contract" as "Source" and "Email Address" for "Value"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531920/PingFederate%20Configuration/01082024/attributes_mapping_gsdecb.png)
- For "given_name" Choose "Authentication Policy Contract" as "Source" and "Given Name" for "Value"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531920/PingFederate%20Configuration/01082024/attributes_mapping_gsdecb.png)
- For "family_name" Choose "Authentication Policy Contract" as "Source" and "Family Name" for "Value"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1722531920/PingFederate%20Configuration/01082024/attributes_mapping_gsdecb.png)
- Click "Next"
- Click "Next" on "Issuance Criteria" screen
- You'll have a Summary, on this screen click on "Done" and click "Next" or "Done" until you arrive on "Protocol Settings" screen
Activation & summary
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.01.47_rxt5hn.png)
- On this screen, click "Configure Protocol Settings"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.01.47_rxt5hn.png)
- Check "Default"
- Set "0" for index
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.01.47_rxt5hn.png)
- "POST" for Binding
- Paste value of "ACS URL" you'll find in right sidebar into "Endpoint URL" field
- Click "Add" then on Next
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638206041/PingFederate%20Configuration/ping_federate_006_qk1hop.png)
- "Redirect" as Binding
- Paste value of "SLO URL" you'll find in right sidebar into "Endpoint URL" field
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638206041/PingFederate%20Configuration/ping_federate_006_qk1hop.png)
- Paste value of "SLO Response URL" you'll find in right sidebar into "Response URL" field
- Click "Add" then on "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588469/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.02.15_lvblut.png)
- Only check "POST" and "REDIRECT"
- Click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588470/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.02.36_artypz.png)
- Only check "ALWAYS SIGN ASSERTION"
- Click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588470/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.04.44_bmixyl.png)
- Choose "NONE"
- Click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588470/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.04.44_bmixyl.png)
- Verify that in the summary, the endpoint equals the ACS URL from cryptr
- Click "Done"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588470/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.05.17_kamf48.png)
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588470/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.05.44_qkhxpk.png)
- Click "Next" until you Arrive on "Browser SSO" summary and click "Done"
Certificate
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638206535/PingFederate%20Configuration/ping_federate_007_qm0ut5.png)
- On the new screen, click on "Configure Credentials"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638202520/PingFederate%20Configuration/ping_federate_002_mllx8h.png)
- Choose for "Signin Certificate" the default certificate you have
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638202520/PingFederate%20Configuration/ping_federate_002_mllx8h.png)
- Leave unchecked "INCLUDE THE CERTIFICATE IN THE SIGNATURE
<KEYINFO>
ELEMENT." - Select "RSA SHA256" as signing algorithm
- Then click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638207088/PingFederate%20Configuration/ping_federate_008_qlsgns.png)
- Click on "Manage Signature Verification Settings"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638207088/PingFederate%20Configuration/ping_federate_009_dcaawy.png)
- Select "Unanchored" For trust model and click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638202520/PingFederate%20Configuration/ping_federate_003_trgnq4.png)
- Click on "Manage Certificates"
- Then dowload certificate in right of this screen
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638202519/PingFederate%20Configuration/ping_federate_004_xp2myy.png)
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638202520/PingFederate%20Configuration/ping_federate_005_oqnyho.png)
- Click on "Import" and on "Choose file"
- Pick up the downloaded file then click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638207432/PingFederate%20Configuration/ping_federate_010_t8ftgn.png)
- Ensure "Make sure this an active verification certificate" is checked and click "Save", then on "Done"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1630588470/PingFederate%20Configuration/Capture_d_e%CC%81cran_2021-08-25_a%CC%80_07.05.44_qkhxpk.png)
- Now you can click "Next" or "Done" on next screens until the Sumary and then click on "Save"
XML Metadata file
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638208335/PingFederate%20Configuration/ping_federate_011_fgqvmz.png)
⚠️ Before exporting ensure your SP Connection is Enabled (switch on SP connection listing)
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638208335/PingFederate%20Configuration/ping_federate_011_fgqvmz.png)
- Click on "Select Action"
- Click on "Export Metadata"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638208335/PingFederate%20Configuration/ping_federate_012_jdlomt.png)
- Choose the default certificate for "signing certificate" field and click "Next"
![SP Connection listing](https://res.cloudinary.com/cryptr/image/upload/v1638208335/PingFederate%20Configuration/ping_federate_013_sbjvn4.png)
- Click on "Export" in the new screen to download your file on your machine.
- Your are now good to upload in this tutorial your XML file
- Drop your downloaded XML metadata
Add Users to your application
Add some users to this app
Test SSO login
Test SSO login