Overview of the SSO flow
The following figure illustrates an example single sign-on (SSO) process flow.
In summary:
-
A user initiates the sign-on process by requesting access to a protected resource.
-
If PingFederate detects that the PingAM cookie is not present, it redirects to a configurable journey to orchestrate authentication. It also appends a PingFederate URL as a request parameter to resume the flow post-login.
If a session cookie is present, PingFederate makes a backchannel request to get session information from PingAM.
-
On a success, PingFederate extracts session information from the JSON response provided by PingAM and generates a SAML assertion.
-
PingFederate redirects the user to the protected resource and configures the SAML assertion. The user is granted access.