PingFederate

1 - In your PingFederate admin console, configure the credentials store you want to use (guide)

  • For initial setup/testing with Dash Enterprise, the Simple Username Password Credential Validator is sufficient

2 - Browse to your Server Manager Settings on port 8800 and enable SAML:

2.1 - Select the following options:

  • Use SAML for authentication

  • No IdP metadata is available yet

  • Disable TLS/SSL certificate validation when communicating with the IdP

2.2 - Leave the remaining options as their default values

2.3 - Return to the Dashboard and click Stop, then Start when it becomes available

2.4 - When the app reports ready, return to Settings and copy the SP (local) Metadata URL

  • Ensure that you can browse to this URL before proceeding

3 - In your PingFederate admin console, create a new SP connection (guide) with an SP adapter instance (guide) and set options as follows:

3.1 - SP connection adapter with the connection type of Browser SSO

3.2 - Import metadata from URL using the SP (local) Metadata URL from Step 3d

3.3 - Browser SSO enabled with:

  • SP-initiated SSO and SP-initiated SLO

3.4 - Browser SSO > Assertion Creation with:

  • Standard identity mapping

  • No entries under Extend the Contract

3.5 - A new IdP Adapter Instance of type HTML Form Adapter that uses:

  • The credentials validator you set in Step 2

  • IdP adapter mapping: adapter source and username value

3.6 - An authentication policy contract using Authentication Policy Contract as a source and subject as a value

3.7 - Browser SSO > Protocol Settings > Allowable SAML Bindings using only POST and Redirect

3.8 - SP Connection > Credentials with a new certificate for signature verification

4 - Click your new SP connection URL and set it to Active

5 - Return to your Server Manager Settings and:

5.1 - In the SAML settings section, select Enter a URL to the IdP (remote) metadata

5.2 - In the IdP (remote) Metadata URL field, add your PingFederate IdP’s URL (see guide for how to identify it)

5.3 - Uncheck Enable encryption

5.4 - Check Disable SSL certificate validation

5.5 - Save the settings, then return to the Dashboard and click Stop, then Start

Last updated