SSO For PingFederate

PingFederate is a federation server offering identity management, web SSO, and API security. It supports identity standards such as SAML, WS-Federation, OAuth, and OpenID Connect, allowing users to securely access applications with a single identity.


Setting up SSO Using PingFederate

Step 1: Create an SP Connection in PingFederate

  1. Log in to PingFederate.

  2. Navigate to Identity Provider > SP Connections > Create New.

  3. Select Browser SSO Profiles on the Connection Type page and click Next.

  4. Select Browser SSO on the Connection Options page and click Next.

  5. On the Import Metadata tab:

    • Choose File.

    • Upload the SSO metadata file.

    • Click Next.

  6. Provide the following:

    • Entity ID (subdomain with https://)

    • Connection Name

    • Base URL (SAML Endpoint URL)

    • Click Next.

  7. Click Configure Browser SSO.

  8. Select IdP-Initiated SSO and SP-Initiated SSO, then click Next.

  9. Enter Assertion Lifetime, then click Next.

  10. Click Configure Assertion Creation.

  11. Choose Standard Identity Mapping, then click Next.

  12. Configure:

    • Subject Name Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    • Attribute Name Format for Email: urn:oasis:names:tc:SAML:2.0:attrname-format:basic

  13. Click Next.

  14. Click Map New Adapter Instance.

  15. Select an Adapter Instance, click Next.

  16. Select Mapping Method.

  17. Click Add Attribute Source.

  18. Enter attribute store details and click Next.

  19. Configure LDAP Directory Search and click Next.

  20. Set Attribute Encoding Type to Base64 for Mail.

  21. Select appropriate filters.

  22. Attribute Contract Fulfillment:

    • Email: Source: LDAP, Value: mail

    • SAML_SUBJECT: Source: LDAP, Value: Subject DN

  23. Click Next and review Attribute Source summary.

  24. Leave next screen default settings.

  25. Select SEND USER TO SP USING DEFAULT LIST OF ATTRIBUTES.

  26. Attribute Contract Fulfillment:

    • Email: Source: Adapter, Value: mail

    • SAML_SUBJECT: Source: Adapter, Value: username

  27. Click through summary and defaults until Configure Protocol Settings.

  28. Enter protocol settings.

  29. Select SAML bindings and set Artifact lifetime to 60 seconds.

  30. Enter remote party URL: e.g., https://pg.autorabit.com/saml/SSO

  31. Select Always Sign Assertion, set encryption policy to None, then click Next.

  32. Complete remaining steps, keeping default values unless specified.

  33. Under Configure Credentials, select:

    • HTTP BASIC

    • Validate partner SSL certificate

  34. Provide Username and Password for SOAP authentication.

  35. Repeat for Receive from your partner section with similar settings.

  36. Choose signing key/certificates.

  37. Complete SP connection configuration and export metadata XML:

    • Identity Provider > Manage All > Select Action > Export Metadata


Step 2: Configure SSO in AutoRABIT

  1. Log in to AutoRABIT.

  2. Navigate to Admin > My Account.

  3. Scroll to the SSO Configuration section.

  4. Upload the previously downloaded metadata XML.

  5. Log out, return to the login page, and click Single Sign On.

  6. Enter domain and click Go.

  7. You’ll be redirected to your domain's SSO login screen. Enter PingFederate credentials.


Once completed, users will authenticate via PingFederate to access AutoRABIT through secure, federated SSO.

Last updated

Was this helpful?