SP functionality

The following figure displays a typical SSO process flow between PingFederate and the SP application using the ReferenceID Adapter.

Processing Steps

  1. PingFederate receives a SAML assertion from an IdP partner. The assertion is validated and parsed into the user attributes, which are temporarily maintained within PingFederate.
  2. The PingFederate server redirects the user to the target SP application with a reference to the user attributes. The reference is included in the URL query string. For example: https://target.example.com?REF=ABC123
  3. The target application makes an authenticated direct HTTP(S) call to PingFederate to retrieve the user attributes. For example: https://pingfederate.example.com:9031/ext/ref/pickup?REF=ABC123
    Note: The applications must authenticate to PingFederate using one of three mechanisms. If authentication fails, the HTTP request results in an HTTP 401 Unauthorized response. See Authenticating to PingFederate.
  4. PingFederate looks up the attributes (in the above example, referenced by ABC123) and provides them to the target application in the HTTP response. See Reference value.
  5. The target application uses the attributes to create a user session, enabling access to the target resource.
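
The SP application's side of steps 2 through 5, as an added example that is not Ping Identity's code. It assumes HTTP Basic as the authentication mechanism and a JSON object as the pickup response, neither of which this page specifies; the `opener` parameter and all function names are hypothetical.

```python
import base64
import json
import re
import urllib.error
import urllib.parse
import urllib.request

# Pickup endpoint from the page's example; fixed in config, never taken from the request.
PICKUP_URL = "https://pingfederate.example.com:9031/ext/ref/pickup"
# Assumption: the reference is a short opaque alphanumeric token, as in "ABC123".
REF_PATTERN = re.compile(r"[A-Za-z0-9]{1,128}")


class PickupError(Exception):
    """Raised when the reference cannot be exchanged for user attributes."""


def extract_ref(callback_url):
    """Step 2: return the single REF value from the redirect URL."""
    query = urllib.parse.urlsplit(callback_url).query
    values = urllib.parse.parse_qs(query).get("REF", [])
    if len(values) != 1 or not REF_PATTERN.fullmatch(values[0]):
        raise PickupError("missing, duplicated or malformed REF")
    return values[0]


def build_pickup_request(ref, username, password):
    """Step 3: authenticated request (HTTP Basic assumed) to the pickup endpoint."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    url = PICKUP_URL + "?" + urllib.parse.urlencode({"REF": ref})
    return urllib.request.Request(url, headers={"Authorization": "Basic " + token})


def pick_up_attributes(callback_url, username, password, opener=urllib.request.urlopen):
    """Steps 3-4: exchange the reference for attributes; fail closed on any error."""
    request = build_pickup_request(extract_ref(callback_url), username, password)
    try:
        with opener(request, timeout=5) as response:
            attributes = json.loads(response.read())
    except urllib.error.HTTPError as exc:
        reason = "credentials rejected" if exc.code == 401 else "pickup failed"
        raise PickupError(f"{reason} (HTTP {exc.code})") from exc
    except ValueError as exc:
        raise PickupError("pickup response was not valid JSON") from exc
    if not isinstance(attributes, dict) or not attributes:
        raise PickupError("pickup response carried no attributes")
    return attributes  # step 5: the caller builds the session from these
```

The application creates a session only from the returned attributes and never from values in the redirect query string, which carries nothing but the reference.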
