
PINGIDENTITY.COM

CREATING A CONNECTION IN PINGFEDERATE

SENDING AND RECEIVING AN ASSERTION
§ Two connections need to be created
§ Doesn’t matter which side does it first!

Copyright © 2015 Ping Identity Corp. All rights reserved.


THE IDENTITY PROVIDER SENDS ASSERTIONS



THE SERVICE PROVIDER RECEIVES ASSERTIONS



BOTH SIDES NEED TO CONFIGURE…
§ Attributes being sent in the assertion?
– (name, email,…?)
§ Protocol used?
– (SAML 2.0, SAML 1.1,…?)
§ Binding?
– (POST, Artifact)
§ Entity ID / Base URL
§ How is the assertion signed?



CREATING A CONNECTION
§ From scratch, or
§ Metadata file from partner (either side!)
§ Order doesn’t matter



METADATA
§ Contains connection information
§ SAML standard



SAML METADATA
§ This SP created their connection first, so this is the metadata sent from the SP to the IdP
– Where and how the IdP should send the assertion
– The SP needs the IdP to send these attributes in the assertion
– Information about the SP (optional)

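
Added example (not from the original slides and not Ping Identity code): a small Python reader that pulls the items from the "BOTH SIDES NEED TO CONFIGURE" and "SAML METADATA" slides out of an SP metadata file before it is imported. The sample metadata, the entity ID `sp.example`, the ACS URL and the function name `summarize_sp_metadata` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: entity ID, URL and attribute names are placeholders.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="sp.example">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example/acs"/>
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">Sample SP</md:ServiceName>
      <md:RequestedAttribute Name="name" isRequired="true"/>
      <md:RequestedAttribute Name="email"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

TRUE = ("true", "1")  # both spellings are valid xs:boolean values

def summarize_sp_metadata(xml_text):
    # Partner metadata is external input: refuse DTDs so no entities are expanded.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    # Where and how the IdP should send the assertion: (binding, URL) pairs.
    acs = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    insecure = [loc for _, loc in acs if not loc.lower().startswith("https://")]
    if insecure:
        raise ValueError(f"ACS endpoint is not HTTPS: {insecure}")
    # Attributes the SP asks for, mapped to whether each one is required.
    wanted = sp.findall("md:AttributeConsumingService/md:RequestedAttribute", NS)
    return {
        "entity_id": root.get("entityID"),
        "protocols": sp.get("protocolSupportEnumeration", "").split(),
        "acs": acs,
        "requested_attributes": {a.get("Name"): a.get("isRequired") in TRUE
                                 for a in wanted},
        "want_assertions_signed": sp.get("WantAssertionsSigned") in TRUE,
    }

if __name__ == "__main__":
    print(summarize_sp_metadata(SP_METADATA))
```
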
LAB: CREATE CONNECTION ON IDP SIDE
§ Change PingFederate login on IdP to be from OpenLDAP
database
– Unrelated, but good practice
§ Create a connection on IdP (wal-ping.com) to send an
assertion to the SP (den-ping.com)
§ Map your HTMLForm adapter to prompt user for
authentication in this connection
– (what user is PingFederate creating an assertion for?)
§ Export metadata file to send to the service provider later


