Integrating social sign-on into your application
To complete your AWS IAM Identity Center sign-on integration, add a sign-on hyperlink to your application.
Steps
- Create an SP connection to your application as shown in SP connection management in the PingFederate documentation. Use your IdP adapter instance, as shown in Mapping an adapter instance in the PingFederate documentation.
- Use the AWS IAM Identity Center Provisioner instance as an authentication source. For help, see Mapping an adapter instance in the PingFederate documentation.
- If your application is outside the PingFederate domain, configure a service provider (SP) connection.
  - Create an SP connection that uses your IdP adapter instance as shown in SP connection management and Mapping an adapter instance in the PingFederate documentation.
  - In your web application, create a hyperlink to allow users to sign on to the SP application. Use the following URL and replace the variables based on the descriptions in the following table.
    https://<pf_host>:<pf_port>/idp/startSSO.ping?PartnerSpId=<ConnectionId>

    | Variable | Description |
    | --- | --- |
    | <pf_host> | The host name or IP address of the PingFederate server. |
    | <pf_port> | The port number for PingFederate. |
    | <ConnectionId> | The federation identifier of the SP for the connection that uses the GitHub IdP Adapter instance. |
- If your application is inside the PingFederate domain, configure an adapter-to-adapter mapping.
  - On the System → Protocol Settings → Roles & Protocols screen, select Enable Identity Provider (IdP) role and support for the following and Enable Service Provider (SP) role and support for the following.
  - In both the Enable Identity Provider and Enable Service Provider sections, select any protocol, such as SAML 2.0. Click Save.
    PingFederate requires a protocol selection to activate the roles. The protocol that you select is not used for this integration.
  - On the Service Provider → Adapters screen, create or select an adapter instance that is integrated with the application as shown in SP application integration settings in the PingFederate documentation.
  - On the Identity Provider → Adapter-to-Adapter Mappings screen, configure the IdP-to-SP adapter mapping as shown in Adapter-to-adapter mappings in the PingFederate documentation.
  - In your web application, create a hyperlink to allow users to sign on to the SP application. Use the following URL and replace the variables based on the descriptions in the table below:
    https://<pf_host>:<pf_port>/pf/adapter2adapter.ping?IdpAdapterId=<IdpAdapterId>&SpSessionAuthnAdapterId=<SpAdapterId>

    | Variable | Description |
    | --- | --- |
    | <pf_host> | The host name or IP address of the PingFederate server. |
    | <pf_port> | The port number for PingFederate. |
    | <IdpAdapterId> | The instance ID of the GitHub IdP Adapter instance. |
    | <SpAdapterId> | The instance ID of the SP adapter instance that has been integrated with the application. |
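Both sign-on links above can be generated in code, so that each variable is validated and percent-encoded before it reaches the hyperlink. A federation identifier is often a URI containing ":" and "/". This is an added example, not part of the PingFederate documentation; the function names and the sample host, port and IDs are assumptions.

```javascript
// Added example: builds the two PingFederate sign-on links described above.
// Function names are hypothetical; host, port and ID values passed in by the
// caller come from your own configuration.

function pfBase(host, port) {
  const p = Number(port);
  if (!Number.isInteger(p) || p < 1 || p > 65535) {
    throw new Error(`invalid port: ${port}`);
  }
  // Accept only a bare host name or IPv4 address (IPv6 literals are out of
  // scope here), so a value containing "/", "@" or "?" cannot change where
  // the link points.
  if (!/^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/.test(host)) {
    throw new Error(`invalid host: ${host}`);
  }
  return new URL(`https://${host}:${p}`);
}

function requireId(name, value) {
  if (typeof value !== "string" || value.trim() === "") {
    throw new Error(`${name} is required`);
  }
  return value;
}

// Application outside the PingFederate domain: link to the SP connection.
function startSsoUrl(host, port, connectionId) {
  const url = pfBase(host, port);
  url.pathname = "/idp/startSSO.ping";
  // searchParams.set() percent-encodes the value, so "&" or "=" inside an ID
  // stays part of that one parameter instead of adding new ones.
  url.searchParams.set("PartnerSpId", requireId("ConnectionId", connectionId));
  return url.toString();
}

// Application inside the PingFederate domain: adapter-to-adapter mapping.
function adapterToAdapterUrl(host, port, idpAdapterId, spAdapterId) {
  const url = pfBase(host, port);
  url.pathname = "/pf/adapter2adapter.ping";
  url.searchParams.set("IdpAdapterId", requireId("IdpAdapterId", idpAdapterId));
  url.searchParams.set("SpSessionAuthnAdapterId", requireId("SpAdapterId", spAdapterId));
  return url.toString();
}
```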