Skip to main content

Ping federate

Discover step-by-step instructions on configuring a connection with Ping federate. Learn how to integrate your application with Ping federate for secure and streamlined SSO authentication.

How to start

SP Connection listing
  1. Log into your PingFederate admin tool
  2. Open "SP Connections"
  3. Click on "Create Connection"

Declare an application

SP Connection listing
  • Select "DO NOT USE A TEMPLATE FOR THIS CONNECTION" on screen and click "Next"
SP Connection listing
  1. Select "BROWSER SSO PROFILES"
  2. Choose "SAML 2.0" and click "Next"
SP Connection listing
  1. Choose "NONE" and click "Next"

SAML configuration

SP Connection listing
  1. In "Partner Entity ID" type the Entity ID you got from Cryptr
  2. In "Connection name" type the Connection name put also "Entity ID"
  3. Click "Next" and in the screen that appears click on "Configure Browser"
SP Connection listing
  1. Check ONLY "SP-INITIATED SSO" and "SP-INITIATED SLO" then click "Next"
  2. 💡 Keep "Assertion Lifetime" form values as default.
SP Connection listing
  1. Click on "Configure Assertion Creation"
  2. Select "STANDARD" on the new screen and click "Next"
SP Connection listing
  1. Select "urn:oasis:names:tc:SAML:2-0:nameid-format:entity" for SAML_SUBJECT
  2. Extend the contract
SP Connection listing
  1. "idp_user_id" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  2. "email" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
SP Connection listing
  1. "given_name" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  2. "family_name" with format "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  3. Click "Next"

Attributes Mapping

SP Connection listing
  1. Click on "Map new Authentication Policy"
  2. Click "Next"
SP Connection listing
  1. Select "simplecontract" on the screen
  2. Click "Next"
SP Connection listing
  • Select "USE ONLY THE AUTHENTICATION POLICY CONTRACT VALUES IN THE SAML ASSERTION" on the new screen
SP Connection listing
SP Connection listing

Attributes Contract Fulfillment

For "idp_user_id" Choose "Authentication Policy Contract" as "Source" and "User ID" for "Value"

SP Connection listing
  • For "email" Choose "Authentication Policy Contract" as "Source" and "Email Address" for "Value"
SP Connection listing
  • For "given_name" Choose "Authentication Policy Contract" as "Source" and "Given Name" for "Value"
SP Connection listing
  • For "family_name" Choose "Authentication Policy Contract" as "Source" and "Family Name" for "Value"
SP Connection listing
  1. Click "Next"
  2. Click "Next" on "Issuance Criteria" screen
  3. You'll have a Summary, on this screen click on "Done" and click "Next" or "Done" until you arrive on "Protocol Settings" screen

Activation & summary

SP Connection listing
  • On this screen, click "Configure Protocol Settings"
SP Connection listing
  1. Check "Default"
  2. Set "0" for index
SP Connection listing
  1. "POST" for Binding
  2. Paste value of "ACS URL" you'll find in right sidebar into "Endpoint URL" field
  3. Click "Add" then on Next
SP Connection listing
  1. "Redirect" as Binding
  2. Paste value of "SLO URL" you'll find in right sidebar into "Endpoint URL" field
SP Connection listing
  1. Paste value of "SLO Response URL" you'll find in right sidebar into "Response URL" field
  2. Click "Add" then on "Next"
SP Connection listing
  1. Only check "POST" and "REDIRECT"
  2. Click "Next"
SP Connection listing
  1. Only check "ALWAYS SIGN ASSERTION"
  2. Click "Next"
SP Connection listing
  1. Choose "NONE"
  2. Click "Next"
SP Connection listing
  1. Verify that in the summary, the endpoint equals the ACS URL from cryptr
  2. Click "Done"
SP Connection listingSP Connection listing
  • Click "Next" until you Arrive on "Browser SSO" summary and click "Done"

Certificate

SP Connection listing
  • On the new screen, click on "Configure Credentials"
SP Connection listing
  • Choose for "Signin Certificate" the default certificate you have
SP Connection listing
  1. Leave unchecked "INCLUDE THE CERTIFICATE IN THE SIGNATURE <KEYINFO> ELEMENT."
  2. Select "RSA SHA256" as signing algorithm
  3. Then click "Next"
SP Connection listing
  • Click on "Manage Signature Verification Settings"
SP Connection listing
  • Select "Unanchored" For trust model and click "Next"
SP Connection listing
  1. Click on "Manage Certificates"
  2. Then dowload certificate in right of this screen
SP Connection listingSP Connection listing
  1. Click on "Import" and on "Choose file"
  2. Pick up the downloaded file then click "Next"
SP Connection listing
  • Ensure "Make sure this an active verification certificate" is checked and click "Save", then on "Done"
SP Connection listing
  • Now you can click "Next" or "Done" on next screens until the Sumary and then click on "Save"

XML Metadata file

SP Connection listing

⚠️ Before exporting ensure your SP Connection is Enabled (switch on SP connection listing)

SP Connection listing
  • Click on "Select Action"
  • Click on "Export Metadata"
SP Connection listing
  • Choose the default certificate for "signing certificate" field and click "Next"
SP Connection listing
  1. Click on "Export" in the new screen to download your file on your machine.
  2. Your are now good to upload in this tutorial your XML file
  • Drop your downloaded XML metadata

Add Users to your application

Add some users to this app

Test SSO login

Test SSO login