Introduction

This document describes integration with PingOne as the identity provider.

For information on configuring PingOne for SAML SSO, refer to the following article.

https://documentation.pingidentity.com/pingone/employeeSsoAdminGuide/index.shtml#adminOverview.html  

Adding a SAML Application

Log into PingOne as an administrator.

https://admin.pingone.com

Click Applications > Add Application > New SAML Application.

 

Specify the application name, description and category. These are for display purposes only.

 

Click Continue to Next Step.

Click the Download link to download the identity provider metadata. This information will be required when configuring the service provider.

Click the Select File button to upload the service provider metadata.

Alternatively, manually enter the SAML configuration settings.

Click Continue to Next Step.

 

Optional attribute mappings may be specified.

Click the Save & Publish button.

 

Review the settings.

Click the SAML Metadata download link to download the identity provider metadata if not already downloaded.

Note the Single Sign-On link. This may be used to initiate SSO from the identity provider.

Click the Finish button.

 

The application is now active.

Adding a Group/Application Association

Click Users > User Groups.

Edit the Users group to add the example service provider as an application accessible by members of the group.

 

Service Provider Configuration

The following partner identity provider configuration is included in the example service provider’s SAML configuration.

{
  "Name": "https://pingone.com/idp/componentspace",
  "Description": "PingOne",
  "SingleSignOnServiceUrl": "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=7f3aaa28-259c-4b1b-805d-cd268089403c",
  "SingleLogoutServiceUrl": "https://sso.connect.pingidentity.com/sso/SLO.saml2",
  "PartnerCertificates": [
    {
      "FileName": "certificates/pingone.cer"
    }
  ]
}

 

Ensure the PartnerName specifies the correct partner identity provider.

"PartnerName": "https://pingone.com/idp/componentspace"
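Before testing SSO, the partner configuration above can be cross-checked against the identity provider metadata downloaded from PingOne. The script below is an added example, not part of the original guide or of the ComponentSpace product; the metadata document is a constructed sample, the idpid value is a placeholder, and the function name check_partner is hypothetical.

```python
import json
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample metadata (not a real PingOne download); idpid is a placeholder.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://pingone.com/idp/componentspace">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.connect.pingidentity.com/sso/SLO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=EXAMPLE-IDPID"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed partner entry in the same shape as the configuration shown above.
SAMPLE_PARTNER = json.loads("""{
  "Name": "https://pingone.com/idp/componentspace",
  "SingleSignOnServiceUrl": "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=EXAMPLE-IDPID",
  "SingleLogoutServiceUrl": "https://sso.connect.pingidentity.com/sso/SLO.saml2",
  "PartnerCertificates": [{"FileName": "certificates/pingone.cer"}]
}""")

def check_partner(metadata_xml, partner):
    """Return a list of mismatches between IdP metadata and the partner config."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        return ["metadata has no IDPSSODescriptor"]
    problems = []
    # The partner Name must equal the entityID the IdP uses as its issuer.
    if root.get("entityID") != partner.get("Name"):
        problems.append("Name does not match metadata entityID")
    for key, tag in (("SingleSignOnServiceUrl", "SingleSignOnService"),
                     ("SingleLogoutServiceUrl", "SingleLogoutService")):
        url = partner.get(key)
        if url is None:
            continue  # endpoint not configured; nothing to compare
        if not url.startswith("https://"):
            problems.append(key + " is not HTTPS")
        if url not in {e.get("Location") for e in idp.findall(MD + tag)}:
            problems.append(key + " not found in metadata")
    # Without a partner certificate the SP cannot verify IdP signatures.
    if not partner.get("PartnerCertificates"):
        problems.append("no PartnerCertificates: IdP signatures cannot be verified")
    return problems

if __name__ == "__main__":
    print(check_partner(SAMPLE_METADATA, SAMPLE_PARTNER) or "partner configuration matches metadata")
```
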

SP-Initiated SSO

Browse to the example service provider and click the button to SSO to the identity provider.

 

Log into PingOne.

 

The user is automatically logged in at the service provider.

IdP-Initiated SSO

Log into PingOne.

Click the ExampleServiceProvider button.

 

The user is automatically logged in at the service provider.

SAML Logout

PingOne supports SP-initiated SAML logout only.

If the user is logged into a service provider and logs out from PingOne, no SAML logout request is sent to the service provider.