PingFederate

PreviousActive Directory Federation Services (AD FS)NextOkta

Last updated 2 years ago

Was this helpful?

PingFederate

1 - In your PingFederate admin console, configure the credentials store you want to use ()

For initial setup/testing with Dash Enterprise, the Simple Username Password Credential Validator is sufficient

2 - Browse to your Server Manager Settings on port 8800 and enable SAML:

2.1 - Select the following options:

Use SAML for authentication
No IdP metadata is available yet
Disable TLS/SSL certificate validation when communicating with the IdP

2.2 - Leave the remaining options as their default values

2.3 - Return to the Dashboard and click Stop, then Start when it becomes available

2.4 - When the app reports ready, return to Settings and copy the SP (local) Metadata URL

Ensure that you can browse to this URL before proceeding

3 - In your PingFederate admin console, create a new SP connection () with an SP adapter instance () and set options as follows:

3.1 - SP connection adapter with the connection type of Browser SSO

3.2 - Import metadata from URL using the SP (local) Metadata URL from Step 3d

3.3 - Browser SSO enabled with:

SP-initiated SSO and SP-initiated SLO

3.4 - Browser SSO > Assertion Creation with:

Standard identity mapping
No entries under Extend the Contract

3.5 - A new IdP Adapter Instance of type HTML Form Adapter that uses:

The credentials validator you set in Step 2
IdP adapter mapping: adapter source and username value

3.6 - An authentication policy contract using Authentication Policy Contract as a source and subject as a value

3.7 - Browser SSO > Protocol Settings > Allowable SAML Bindings using only POST and Redirect

3.8 - SP Connection > Credentials with a new certificate for signature verification

4 - Click your new SP connection URL and set it to Active

5 - Return to your Server Manager Settings and:

5.1 - In the SAML settings section, select Enter a URL to the IdP (remote) metadata

5.3 - Uncheck Enable encryption

5.4 - Check Disable SSL certificate validation

5.5 - Save the settings, then return to the Dashboard and click Stop, then Start

PreviousActive Directory Federation Services (AD FS)NextOkta

Last updated 2 years ago

Was this helpful?

1 - In your PingFederate admin console, configure the credentials store you want to use ()

For initial setup/testing with Dash Enterprise, the Simple Username Password Credential Validator is sufficient

2 - Browse to your Server Manager Settings on port 8800 and enable SAML:

2.1 - Select the following options:

Use SAML for authentication
No IdP metadata is available yet
Disable TLS/SSL certificate validation when communicating with the IdP

2.2 - Leave the remaining options as their default values

2.3 - Return to the Dashboard and click Stop, then Start when it becomes available

2.4 - When the app reports ready, return to Settings and copy the SP (local) Metadata URL

Ensure that you can browse to this URL before proceeding

3 - In your PingFederate admin console, create a new SP connection () with an SP adapter instance () and set options as follows:

3.1 - SP connection adapter with the connection type of Browser SSO

3.2 - Import metadata from URL using the SP (local) Metadata URL from Step 3d

3.3 - Browser SSO enabled with:

SP-initiated SSO and SP-initiated SLO

3.4 - Browser SSO > Assertion Creation with:

Standard identity mapping
No entries under Extend the Contract

3.5 - A new IdP Adapter Instance of type HTML Form Adapter that uses:

The credentials validator you set in Step 2
IdP adapter mapping: adapter source and username value

3.6 - An authentication policy contract using Authentication Policy Contract as a source and subject as a value

3.7 - Browser SSO > Protocol Settings > Allowable SAML Bindings using only POST and Redirect

3.8 - SP Connection > Credentials with a new certificate for signature verification

4 - Click your new SP connection URL and set it to Active

5 - Return to your Server Manager Settings and:

5.1 - In the SAML settings section, select Enter a URL to the IdP (remote) metadata

5.2 - In the IdP (remote) Metadata URL field, add your PingFederate IdP’s URL (see for how to identify it)

5.3 - Uncheck Enable encryption

5.4 - Check Disable SSL certificate validation

5.5 - Save the settings, then return to the Dashboard and click Stop, then Start