--- title: Using the IdP sample application description: When accessed first, the identity provider (IdP) sample application simulates the IdP-initiated SSO and SLO scenario in which users authenticate to an IdP locally to access a remote service provider (SP) application. As an example scenario, users could be accessing a company portal that provides links to partner web resources such as HR or 401(k) information. component: java page_id: java:setup:pf_java_ik_using_the_idp_sample_application canonical_url: https://docs.pingidentity.com/integrations/java/setup/pf_java_ik_using_the_idp_sample_application.html revdate: June 21, 2024 section_ids: steps: Steps --- # Using the IdP sample application When accessed first, the identity provider (IdP) *(tooltip: \
\

A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\

\
)* sample application simulates the IdP-initiated SSO and SLO scenario in which users authenticate to an IdP locally to access a remote service provider (SP) *(tooltip: \
\

In SAML, an entity that receives and accepts an authentication assertion issued by an IdP, typically for the purpose of allowing access to a protected resource.\

\
)* application. As an example scenario, users could be accessing a company portal that provides links to partner web resources such as HR or 401(k) information. ## Steps 1. Start PingFederate. 2. In a web browser, open the sample application: https\://*\*:*\*/IdpSample If you deployed the application elsewhere, modify the host name accordingly. Learn more in [Advanced installation and configuration](pf_java_ik_advanced_installation_and_configuration.html). 3. On the **IdP Application** home page, click **Local Login**. 4. On the **Local Login** page, sign on with the following credentials: Username: `joe` Password `test` 5. Click **Login**. When you authenticate locally to the IdP sample application, no communication occurs between the application and PingFederate; the user authenticates using the local user store. No SSO use cases are invoked until PingFederate is called on the home page via the **Single Sign-On** button. ![stt1563995434587](_images/stt1563995434587.jpg) 6. If you customized your configuration by creating different SP connections or deploying the IdP application on a separate server, update the application configuration as shown in [IdP sample application configuration reference](pf_java_ik_idp_sample_application_configuration_reference.html). 7. After logging on to the IdP sample application, the **IdP Application** home page reappears. In addition to SSO/SLO information and controls, this page now shows attributes sent to the SP in the SAML assertion. The steps below describe how to test the basic SSO/SLO functionality of this page: 1. Click **Single Sign-On** to begin IdP-initiated SSO to the SP sample application. A user session on the SP is created, and you are signed on to the SP sample application. You can find more information in [Using the SP sample application](pf_java_ik_using_the_sp_sample_application.html). 2. To demonstrate IdP-initiated SLO, return to this identity provider page by changing the browser location back to https\://*\*:*\*/IdpSample. Then click **Single Logout** to initiate an SLO request to the SP. When the user session on the remote SP is destroyed, the local session is destroyed as well (clicking **Single Sign-on** here or on the SP application page redirects to the IdP logon page). | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you initiate SSO from the SP, the **Single Logout** button is operational and ends both sessions. If you click **Local Logout** on this screen, the SP session is still in force. You can access the SP application directly in the browser and see the attributes passed in from the original SAML assertion. |