Integrating social sign-on into your application
To complete your Amazon sign-on integration, add a sign-on hyperlink to your application.
Steps
- If your application is outside the PingFederate domain, configure an SP connection as follows:
  - Create a service provider (SP) connection as shown in SP connection management and Mapping an adapter instance in the PingFederate documentation.
    Use the Amazon IdP Adapter instance as an authentication source.
  - In your web application, create a hyperlink to allow users to sign on to the SP application. Use the following URL and replace the variables based on the descriptions in the following table.

    https://<pf_host>:<pf_port>/idp/startSSO.ping?PartnerSpId=<ConnectionId>

    Variables

    | Variable | Description |
    | --- | --- |
    | <pf_host> | The host name or IP address of the PingFederate server. |
    | <pf_port> | The port number for PingFederate. |
    | <ConnectionId> | The federation identifier of the SP for the connection that uses the Amazon IdP Adapter instance. |
- If your application is inside the PingFederate domain, configure an adapter-to-adapter mapping as follows:
  - On the System > Protocol Settings > Roles & Protocols page, select Enable Identity Provider (IdP) role and support for the following and Enable Service Provider (SP) role and support for the following.
  - In both the Enable Identity Provider and Enable Service Provider sections, select any protocol, such as SAML 2.0. Click Save.
    PingFederate requires a protocol selection to activate the roles. The protocol that you select isn’t used for this integration.
  - On the Service Provider > Adapters page, create or select an adapter instance that’s integrated with the application as shown in SP application integration settings in the PingFederate documentation.
  - On the Identity Provider > Adapter-to-Adapter Mappings page, configure the IdP-to-SP adapter mapping as shown in Adapter-to-adapter mappings in the PingFederate documentation.
  - In your web application, create a hyperlink to allow users to sign on to the SP application. Use the following URL and replace the variables based on the descriptions in the table below:

    https://<pf_host>:<pf_port>/pf/adapter2adapter.ping?IdpAdapterId=<IdpAdapterId>&SpSessionAuthnAdapterId=<SpAdapterId>

    Variables

    | Variable | Description |
    | --- | --- |
    | <pf_host> | The host name or IP address of the PingFederate server. |
    | <pf_port> | The port number for PingFederate. |
    | <IdpAdapterId> | The instance ID of the Amazon IdP Adapter instance. |
    | <SpAdapterId> | The instance ID of the SP adapter instance that’s integrated with the application. |
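
The two sign-on links from the steps above, built in JavaScript as an added example that is not part of the PingFederate documentation. It percent-encodes the query parameters, rejects malformed host and ID values, and HTML-escapes the rendered anchor. The function names are hypothetical, and the alphanumeric check on adapter instance IDs is an assumption about how your instances are named.

```javascript
// Added example, not PingFederate code. Hosts, ports and IDs passed in are the
// deployer's configuration values, never taken from request input.

// Assumption: adapter instance IDs are alphanumeric only.
const INSTANCE_ID = /^[A-Za-z0-9]+$/;
const validId = (id) => typeof id === "string" && INSTANCE_ID.test(id);

function baseUrl(pfHost, pfPort) {
  const port = Number(pfPort);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("invalid port");
  }
  const url = new URL(`https://${pfHost}:${port}/`);
  // Reject values that smuggle userinfo, a path or a query into the host.
  if (url.hostname !== String(pfHost).toLowerCase()) {
    throw new Error("invalid host");
  }
  return url;
}

// Application outside the PingFederate domain: SP connection link.
function spConnectionLink(pfHost, pfPort, connectionId) {
  if (typeof connectionId !== "string" || connectionId === "") {
    throw new Error("missing ConnectionId");
  }
  const url = baseUrl(pfHost, pfPort);
  url.pathname = "/idp/startSSO.ping";
  // Federation identifiers are often URIs, so they must be percent-encoded.
  url.searchParams.set("PartnerSpId", connectionId);
  return url.href;
}

// Application inside the PingFederate domain: adapter-to-adapter link.
function adapterToAdapterLink(pfHost, pfPort, idpAdapterId, spAdapterId) {
  if (!validId(idpAdapterId) || !validId(spAdapterId)) {
    throw new Error("invalid adapter instance ID");
  }
  const url = baseUrl(pfHost, pfPort);
  url.pathname = "/pf/adapter2adapter.ping";
  url.searchParams.set("IdpAdapterId", idpAdapterId);
  url.searchParams.set("SpSessionAuthnAdapterId", spAdapterId);
  return url.href;
}

// Escape text for an HTML attribute or element body before rendering the link.
function signOnAnchor(href, label) {
  const esc = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
  return `<a href="${esc(href)}">${esc(label)}</a>`;
}
```
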