In this use case, PingFederate is bridging SSO and SLO transactions between an identity provider and a service provider. For example, you may have a legacy IdP system that is only capable of sending SAML 1.1 assertions via POST. Your service provider however requires SAML 2.0 assertions via the artifact binding. With federation hub, you can configure PingFederate to consume inbound SAML 1.1 assertions (by POST), translate them to SAML 2.0 assertions, and send them via the artifact binding to the service provider.
  1. Enable both the IdP and the SP roles with the applicable protocols on the System > Protocol Settings > Roles & Protocols screen.
  2. Create a contract to bridge the attributes between the identity provider and the service provider (see Federation hub and authentication policy contracts).
  3. Create an IdP connection between the identity provider and PingFederate (the federation hub as the SP) and add to the IdP connection the applicable authentication policy contract(s) on the Target Session Mapping screen.
  4. Create an SP connection between PingFederate (the federation hub as the IdP) and the service provider and add to the SP connection the corresponding authentication policy contract on the Authentication Source Mapping screen.
  5. Work with the identity provider to connect to PingFederate (the federation hub) as the SP.
  6. Work with the service provider to connect to PingFederate (the federation hub) as the IdP.