We share advice on using PingFederate as an industry-standard SAML2 Identity Provider.
For actual support questions about Ping Identity, or about any other SAML2 provider not made by Intercax, please contact that vendor directly through its formal support program.
Because PingFederate acts more as a broker than as a provider of identity management services, configuring it involves more stages than is typical of more comprehensive, self-contained IdPs.
Configuring a Service Provider Connection in PingFederate involves the settings listed below.
General Settings for a PingFederate Service Provider (SP Connection)

| Setting | Value |
|---|---|
| **Connection Type** | |
| Connection Role | SP |
| Browser SSO Profiles | true |
| Protocol | SAML 2.0 |
| Connection Template | No Template |
| WS-Trust STS | false |
| Outbound Provisioning | false |
| **Connection Options** | |
| Browser SSO | true |
| IdP Discovery | false |
| Attribute Query | false |
| **General Info** | |
| Partner's Entity ID (Connection ID) | http://MYSP.MYCOMPANY.MYCOM:MYPORT |
| Connection Name | MYSP.MYCOMPANY.MYCOM |
| Company | Intercax |
| Contact Name | Name of Admin |
| Contact Number | 555-555-1212 |
| Contact Email | admin@mycompany.mycom |
| Application Name | MYSP.MYCOMPANY.MYCOM |
SAML Profiles

| Setting | Value |
|---|---|
| **SAML Profiles** | |
| IdP-Initiated SSO | false |
| IdP-Initiated SLO | false |
| SP-Initiated SSO | true |
| SP-Initiated SLO | false |
| **Assertion Lifetime** | |
| Valid Minutes Before | 5 |
| Valid Minutes After | 5 |
| **Assertion Creation** | |
| **Identity Mapping** | |
| Enable Standard Identifier | true |
| **Attribute Contract** | |
| Attribute | SAML_SUBJECT |
| Subject Name Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Attribute | |
| Attribute Name Format | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
| Attribute | first_name |
| Attribute Name Format | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
| Attribute | fullname |
| Attribute Name Format | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
| Attribute | last_name |
| Attribute Name Format | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
| Attribute | uid |
| Attribute Name Format | urn:oasis:names:tc:SAML:2.0:attrname-format:basic |
| **Authentication Source Mapping** | |
| Adapter instance name | SP-used-HTML-Form-IdP-Adapter |
| **Adapter Instance** | |
| Selected adapter | SP-used-HTML-Form-IdP-Adapter |
| **Mapping Method** | |
| Adapter | HTML Form IdP Adapter |
| Mapping Method | Retrieve additional attributes from multiple data stores using one mapping |
| **Attribute Sources & User Lookup** | |
| Data Store | LDAP Source (LDAP) |
Attribute Sources & User Lookup

| Setting | Value |
|---|---|
| **Data Store** | |
| Attribute Source | LDAP Source |
| Attribute Source ID | attributeSourceId1 |
| Type of Data Store | LDAP |
| Data Store | MYLDAP.MYCOMPANY.MYCOM (OpenLDAP) |
| **LDAP Directory Search** | |
| Base DN | ou=MYUSERS,dc=MYCOMPANY,dc=MYCOM |
| Search scope | SUBTREE_SCOPE |
| Attribute | Subject DN |
| Attribute | displayName |
| Attribute | givenName |
| Attribute | |
| Attribute | sn |
| Attribute | uid |
| **LDAP Filter** | |
| Filter | (uid=${username}) |
| **Attribute Contract Fulfillment** | |
| SAML_SUBJECT | mail (LDAP) |
| mail (LDAP) | |
| first_name | givenName (LDAP) |
| fullname | displayName (LDAP) |
| last_name | sn (LDAP) |
| uid | uid (LDAP) |
| **Issuance Criteria** | |
| Criterion | (None) |
Protocol Settings

| Setting | Value |
|---|---|
| **Assertion Consumer Service URL** | |
| Endpoint | URL: http://MYSP.MYCOMPANY.MYCOM:MYPORT/authenticate/SAML2 (POST) |
| **Allowable SAML Bindings** | |
| Artifact | false |
| POST | true |
| Redirect | true |
| SOAP | false |
| **Signature Policy** | |
| Require digitally signed AuthN requests | false |
| Always Sign Assertion | true |
| Sign Response As Required | true |
| **Encryption Policy** | |
| Status | Inactive |
Credentials

| Setting | Value |
|---|---|
| **Digital Signature Settings** | |
| Selected Certificate | 01:82:BE:EF:69:A2 (CN=Product, OU=Team, O=Company, L=City, ST=State, C=US) |
| Include Certificate in KeyInfo | true |
| Include Raw Key in KeyValue | false |
| Selected Signing Algorithm | RSA SHA256 |
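As an added illustration (not Intercax or Ping Identity code), the following Python script checks an assertion received at the SP against the connection settings above: signature presence (Always Sign Assertion), an emailAddress-format NameID, a Recipient equal to the ACS URL, the five-minutes-either-side validity window, an audience equal to the SP entity ID, and the attribute contract with basic name format. The sample assertion is constructed here; MYPORT and the MYCOMPANY names are the page's placeholders, the IdP issuer URL is an assumption, and cryptographic verification of the XML signature is assumed to be done by the SP's SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
SP_ENTITY_ID = "http://MYSP.MYCOMPANY.MYCOM:MYPORT"        # Partner's Entity ID (Connection ID)
ACS_URL = SP_ENTITY_ID + "/authenticate/SAML2"             # Assertion Consumer Service endpoint
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # Subject Name Format
BASIC_FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"       # Attribute Name Format
CONTRACT = {"first_name", "fullname", "last_name", "uid"}  # Attribute Contract entries

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return the mismatches between an assertion and this SP connection; [] means it fits.
    XML signature verification is left to the SP's SAML library; only presence is checked."""
    a = ET.fromstring(xml_text)
    name_id = a.find("saml:Subject/saml:NameID", NS)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    cond = a.find("saml:Conditions", NS)
    audiences = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    attrs = {e.get("Name"): e.get("NameFormat") for e in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    checks = [
        (a.find("ds:Signature", NS) is not None, "assertion is not signed (Always Sign Assertion)"),
        (name_id is not None and name_id.get("Format") == EMAIL_FMT, "SAML_SUBJECT is not an emailAddress NameID"),
        (scd is not None and scd.get("Recipient") == ACS_URL, "Recipient is not the ACS URL"),
        # Valid Minutes Before/After = 5 gives a ten-minute window around IssueInstant; the SP must enforce it.
        (cond is not None and _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")),
         "assertion is outside its validity window"),
        (SP_ENTITY_ID in audiences, "audience does not include the SP entity ID"),
        (CONTRACT <= set(attrs), f"missing contract attributes: {sorted(CONTRACT - set(attrs))}"),
        (all(fmt == BASIC_FMT for fmt in attrs.values()), "attribute NameFormat is not basic"),
    ]
    return [message for ok, message in checks if not ok]

# Constructed sample of what this connection emits; the signature value is omitted and MYPORT is
# kept as the page's placeholder. Issued at 12:00 UTC, so the window runs 11:55 to 12:05 UTC.
_ATTRS = "".join(f'<saml:Attribute Name="{n}" NameFormat="{BASIC_FMT}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
                 for n, v in [("first_name", "Ada"), ("fullname", "Ada Admin"), ("last_name", "Admin"), ("uid", "ada")])
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_c1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.mycompany.mycom</saml:Issuer><ds:Signature><ds:SignatureValue/></ds:Signature>
  <saml:Subject><saml:NameID Format="{EMAIL_FMT}">admin@mycompany.mycom</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>{_ATTRS}</saml:AttributeStatement></saml:Assertion>"""
RECEIVED_AT = datetime(2024, 1, 1, 12, 3, tzinfo=timezone.utc)  # inside the sample's window
```

Running `check_assertion(SAMPLE, RECEIVED_AT)` returns an empty list; the same assertion presented an hour later, or with its `ds:Signature` element stripped, is reported by name.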