Configuring Browser SSO
For the single sign-on (SSO) part of your connection to Contentful, use the details below.
About this task
For all other settings, you can use the default or customize the configuration for your needs. For help, see Configuring IdP Browser SSO in the PingFederate documentation. |
Steps
-
On the Browser SSO tab, click Configure Browser SSO.
-
On the Browser SSO → SAML Profiles tab, select only IDP-Initiated SSO and SP-Initiated SSO. Click Next.
-
On the Assertion Lifetime tab, click Next.
-
On the Assertion Creation tab, configure the assertion.
-
Click Configure Assertion Creation.
-
On the Attribute Contract tab, set the following name formats. Click Next.
Attribute name formats Attribute Contract Subject Name format SAML_SUBJECT
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
email
urn:oasis:names:tc:SAML:2.0:attrname-format:uri
givenname
urn:oasis:names:tc:SAML:2.0:attrname-format:basic
surname
urn:oasis:names:tc:SAML:2.0:attrname-format:basic
-
On the Authentication Source Mapping tab, click Map New Adapter Instance.
-
On the IdP Adapter Mapping → Adapter Instance tab, from the Adapter Instance list, select the adapter instance that you created in Creating an HTML Form Adapter instance. Click Next.
-
On the Mapping Method tab, click Next.
-
On the Attribute Contract Fulfillment tab, select Adapter for all attributes. Click Next.
-
On the Issuance Criteria tab, click Next.
-
On the Summary tab, click Done.
-
On the Browser SSO → Assertion Creation → Authentication Source Mapping tab, click Next.
-
On the Summary tab, click Done.
-
-
On the Protocol Settings tab, configure the protocol settings.
-
Click Configure Protocol Settings.
-
On the Assertion Consumer Service URL tab, the default URL is populated by the Contentful
metadata.xml
file. Click Next. -
On the Allowable SAML Bindings tab, select only POST and Redirect. Click Next.
-
On the Signature Policy tab, clear the Require authn requests to be signed check box. Click Next.
-
On the Encryption Policy tab, click Next
-
On the Summary tab, click Done.
-
On the Browser SSO → Protocol Settings tab, click Next.
-
On the Summary tab, click Done.
-
-
On the SP Connection → Browser SSO tab, click Next.