PingFederate

1 - In your PingFederate admin console, configure the credentials store you want to use (guide)
  • For initial setup/testing with Dash Enterprise, the Simple Username Password Credential Validator is sufficient
2 - Browse to your Server Manager Settings on port 8800 and enable SAML:
2.1 - Select the following options:
  • Use SAML for authentication
  • No IdP metadata is available yet
  • Disable TLS/SSL certificate validation when communicating with the IdP
2.2 - Leave the remaining options as their default values
2.3 - Return to the Dashboard and click Stop, then Start when it becomes available
2.4 - When the app reports ready, return to Settings and copy the SP (local) Metadata URL
  • Ensure that you can browse to this URL before proceeding
3 - In your PingFederate admin console, create a new SP connection (guide) with an SP adapter instance (guide) and set options as follows:
3.1 - SP connection adapter with the connection type of Browser SSO
3.2 - Import metadata from URL using the SP (local) Metadata URL from Step 3d
3.3 - Browser SSO enabled with:
  • SP-initiated SSO and SP-initiated SLO
3.4 - Browser SSO > Assertion Creation with:
  • Standard identity mapping
  • No entries under Extend the Contract
3.5 - A new IdP Adapter Instance of type HTML Form Adapter that uses:
  • The credentials validator you set in Step 2
  • IdP adapter mapping: adapter source and username value
3.6 - An authentication policy contract using Authentication Policy Contract as a source and subject as a value
3.7 - Browser SSO > Protocol Settings > Allowable SAML Bindings using only POST and Redirect
3.8 - SP Connection > Credentials with a new certificate for signature verification
4 - Click your new SP connection URL and set it to Active
5 - Return to your Server Manager Settings and:
5.1 - In the SAML settings section, select Enter a URL to the IdP (remote) metadata
5.2 - In the IdP (remote) Metadata URL field, add your PingFederate IdP’s URL (see guide for how to identify it)
5.3 - Uncheck Enable encryption
5.4 - Check Disable SSL certificate validation
5.5 - Save the settings, then return to the Dashboard and click Stop, then Start