WebSphere Integration Guide

Creating a single sign-on connection

To allow PingFederate to handle single sign-on (SSO) authentication for WebSphere, create a service provider (SP) connection.

Steps

  1. Sign on to the PingFederate administrator console.

  2. On the Identity Provider tab, in the SP Connections area, create a new connection.

    1. Click Create new.

    2. If you see the Connection Template tab, select Do not use a template for this connection. Click Next.

  3. On the Connection Type tab, select only Browser SSO Profiles. Click Next.

  4. On the Connection Options tab, select only Browser SSO. Click Next.

  5. On the Import Metadata tab, select File. Click Choose File, select the sp-metadata.xml file that you saved in Configuring single sign-on in WebSphere, and then click Open. Click Next.

  6. On the General Info tab, the basic connection information is populated by the metadata XML file. Click Next.

  7. On the Browser SSO tab, configure browser SSO.

    For a complete guide, see Configure IdP Browser SSO in the PingFederate documentation.

    1. On the Browser SSO → SAML Profiles tab, select only IdP-Initiated SSO.

  8. On the Credentials tab, configure the connection credentials. Click Next.

    For a complete guide, see Configuring credentials in the PingFederate documentation.

    • On the Credentials → Digital Signature Settings tab, select the Include the certificate in the signature <KeyInfo> element check box.

  9. On the Activation and Summary tab, above the Summary section, turn on the connection.

  10. Note the SSO Application Endpoint URL. You can use this URL to enable SP-initiated single sign-on in Configuring single sign-on in WebSphere. Click Save.