SSO For PingFederate
PingFederate is a federation server offering identity management, web SSO, and API security. It supports identity standards such as SAML, WS-Federation, OAuth, and OpenID Connect, allowing users to securely access applications with a single identity.
Setting up SSO Using PingFederate
Step 1: Create an SP Connection in PingFederate
Log in to PingFederate.
Navigate to Identity Provider > SP Connections > Create New.
Select Browser SSO Profiles on the Connection Type page and click Next.
Select Browser SSO on the Connection Options page and click Next.
On the Import Metadata tab:
Choose File.
Upload the SSO metadata file.
Click Next.
Provide the following:
Entity ID (subdomain with https://)
Connection Name
Base URL (SAML Endpoint URL)
Click Next.
Click Configure Browser SSO.
Select IdP-Initiated SSO and SP-Initiated SSO, then click Next.
Enter Assertion Lifetime, then click Next.
Click Configure Assertion Creation.
Choose Standard Identity Mapping, then click Next.
Configure:
Subject Name Format:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Attribute Name Format for Email:
urn:oasis:names:tc:SAML:2.0:attrname-format:basic
Click Next.
Click Map New Adapter Instance.
Select an Adapter Instance, click Next.
Select Mapping Method.
Click Add Attribute Source.
Enter attribute store details and click Next.
Configure LDAP Directory Search and click Next.
Set Attribute Encoding Type to Base64 for Mail.
Select appropriate filters.
Attribute Contract Fulfillment:
Email: Source: LDAP, Value: mail
SAML_SUBJECT: Source: LDAP, Value: Subject DN
Click Next and review Attribute Source summary.
Leave next screen default settings.
Select SEND USER TO SP USING DEFAULT LIST OF ATTRIBUTES.
Attribute Contract Fulfillment:
Email: Source: Adapter, Value: mail
SAML_SUBJECT: Source: Adapter, Value: username
Click through summary and defaults until Configure Protocol Settings.
Enter protocol settings.
Select SAML bindings and set Artifact lifetime to 60 seconds.
Enter remote party URL: e.g.,
https://pg.autorabit.com/saml/SSO
Select Always Sign Assertion, set encryption policy to None, then click Next.
Complete remaining steps, keeping default values unless specified.
Under Configure Credentials, select:
HTTP BASIC
Validate partner SSL certificate
Provide Username and Password for SOAP authentication.
Repeat for Receive from your partner section with similar settings.
Choose signing key/certificates.
Complete SP connection configuration and export metadata XML:
Identity Provider > Manage All > Select Action > Export Metadata
Step 2: Configure SSO in AutoRABIT
Log in to AutoRABIT.
Navigate to Admin > My Account.
Scroll to the SSO Configuration section.
Upload the previously downloaded metadata XML.
Log out, return to the login page, and click Single Sign On.
Enter domain and click Go.
You’ll be redirected to your domain's SSO login screen. Enter PingFederate credentials.
Once completed, users will authenticate via PingFederate to access AutoRABIT through secure, federated SSO.
Last updated
Was this helpful?