PingCentral

Using SAML 2.0 templates

After selecting a SAML template, use that template to apply user authentication and authorization support to an application.

Before you begin

You must provide:

  • The name of the application.

  • A brief, accurate description of your application.

  • Attribute mapping information, used to map your application attributes to the identity attributes required from the identity provider to verify users' identities.

Steps

  1. In PingCentral, on the Select Metadata page, complete one of the following tasks:

    • Provide a metadata file from service provider (SP) connections, which might include entity IDs, ACS URLs, and certificates. Click Choose file to provide the file.

    • Provide a URL to the metadata file. Click Or Use URL to provide the URL.

    • Skip this step and provide the Entity ID, ACS URL, certificate, and attributes, or all of this information, during the promotion process.

    Result:

    If you choose to provide a metadata file, the information in the file shows on the page.

    Screen capture of the Select Metadata page after a metadata file is provided.
  2. Click Next.

  3. On the Map Attributes page, map the application attributes to the identity attributes required to fulfill the authentication policy contract in PingFederate. To do so, select identity attributes in the Identity Attribute list or click to add static values in the Static Value field.

    1. Optional: If attribute sources are defined in the underlying connection, select the - Data Store - identity attribute option and the applicable data store values.

      To ensure successful promotion, the target PingFederate must have Data Stores whose names are identical to those required for the authentication policy contract mapping.

    2. Optional: To define an OGNL expression and fine-tune attribute values to meet your needs, select the - Expression - identity attribute option and enter an Expression Value in the appropriate field.

      Screen capture of the expressions you can add to your application attributes.
  4. When you’re finished, click Next.

  5. On the Describe Application page, enter the name of the application and a description in the appropriate fields.

    Result:

    You are adding this application to PingCentral, so your name will automatically populate the Owners field.

  6. Optional: To add owners or groups of owners, click the Owners field and select additional owners in the list. Click Next.

    If the name you are looking for isn’t showing in the list, contact your PingCentral administrator and request that the person be provisioned.

  7. Click Save and Close.

    Result:

    The application is added at the top of the list of applications on the Applications page.