PingFederate Agentless Integration Kit 1.2 Updated 767 11,567 people found this helpful Add to MyDocs | Hide Show Table of Contents Table of Contents Expand | Collapse Agentless Integration Kit 1.2 Release Notes SP functionality The following figure displays a typical SSO process flow between PingFederate and the SP application using the ReferenceID Adapter. Processing Steps PingFederate receives a SAML assertion from an IdP partner. The assertion is validated and parsed into the user attributes, which are temporarily maintained within PingFederate. The PingFederate server redirects the user to the target SP application with a reference to the user attributes. The reference is included in the URL query string. For example: https://target.example.com?REF=ABC123 The target application makes an authenticated direct HTTP(S) call to PingFederate to retrieve the user attributes. For example: https://pingfederate.example.com:9031/ext/ref/pickup?REF=ABC123 NoteThe applications must authenticate to PingFederate using one of three mechanisms. If authentication fails, the HTTP request results in an HTTP response 401 – Unauthorized status code message. See Authenticating to PingFederate. PingFederate looks up the attributes (in the above example, referenced by ABC123) and provides them to the target application in the HTTP response. See Reference value . The target application uses the attributes to create a user session, enabling access to the target resource. Install the ReferenceID adapter Setup the ReferenceID adapter Parent TopicAgentless Integration Kit 1.2Child TopicsInstall the ReferenceID adapterSetup the ReferenceID adapter Tags Capability > Single Sign On; Hosting Environment > On-Premises; Product > Adapters and Integration Kits; Product > Adapters and Integration Kits > Integration Kits
SP functionality The following figure displays a typical SSO process flow between PingFederate and the SP application using the ReferenceID Adapter. Processing Steps PingFederate receives a SAML assertion from an IdP partner. The assertion is validated and parsed into the user attributes, which are temporarily maintained within PingFederate. The PingFederate server redirects the user to the target SP application with a reference to the user attributes. The reference is included in the URL query string. For example: https://target.example.com?REF=ABC123 The target application makes an authenticated direct HTTP(S) call to PingFederate to retrieve the user attributes. For example: https://pingfederate.example.com:9031/ext/ref/pickup?REF=ABC123 NoteThe applications must authenticate to PingFederate using one of three mechanisms. If authentication fails, the HTTP request results in an HTTP response 401 – Unauthorized status code message. See Authenticating to PingFederate. PingFederate looks up the attributes (in the above example, referenced by ABC123) and provides them to the target application in the HTTP response. See Reference value . The target application uses the attributes to create a user session, enabling access to the target resource. Install the ReferenceID adapter Setup the ReferenceID adapter Parent TopicAgentless Integration Kit 1.2Child TopicsInstall the ReferenceID adapterSetup the ReferenceID adapter
SP functionality The following figure displays a typical SSO process flow between PingFederate and the SP application using the ReferenceID Adapter. Processing Steps PingFederate receives a SAML assertion from an IdP partner. The assertion is validated and parsed into the user attributes, which are temporarily maintained within PingFederate. The PingFederate server redirects the user to the target SP application with a reference to the user attributes. The reference is included in the URL query string. For example: https://target.example.com?REF=ABC123 The target application makes an authenticated direct HTTP(S) call to PingFederate to retrieve the user attributes. For example: https://pingfederate.example.com:9031/ext/ref/pickup?REF=ABC123 NoteThe applications must authenticate to PingFederate using one of three mechanisms. If authentication fails, the HTTP request results in an HTTP response 401 – Unauthorized status code message. See Authenticating to PingFederate. PingFederate looks up the attributes (in the above example, referenced by ABC123) and provides them to the target application in the HTTP response. See Reference value . The target application uses the attributes to create a user session, enabling access to the target resource. Install the ReferenceID adapter Setup the ReferenceID adapter Parent TopicAgentless Integration Kit 1.2Child TopicsInstall the ReferenceID adapterSetup the ReferenceID adapter