PingFederate Server

Configuring back-channel authentication (SAML)

Depending on your browser single sign-on (SSO) use cases, the administrative console prompts you to configure authentication requirements for inbound messages, outbound messages, or both.

About this task

See the following table for more information about the back-channel configuration (SAML) authentication requirements.

Use case Back-channel authentication requirements Back-channel messages

A connection is configured with a SAML ACS endpoint that uses the artifact binding on Protocol Settings → Assertion Consumer Service URL.

Inbound

Artifact resolution requests

A connection is configured with a SAML 2.0 SLO endpoint that uses the artifact binding on Protocol Settings → SLO Service URLs.

Inbound

Artifact resolution requests

SOAP messages

A connection is configured with a SAML 2.0 SLO endpoint that uses the SOAP binding on Protocol Settings → SLO Service URLs.

Outbound

SOAP SLO messages

The SAML 2.0 Artifact binding is enabled on Protocol Settings → Allowable SAML Bindings.

Outbound

Outbound artifact resolution requests

The SOAP binding is enabled on Protocol Settings → Allowable SAML Bindings.

Inbound

Inbound SOAP messages

The SAML 2.0 Attribute Query profile is enabled on the Connection Options tab.

Inbound

Inbound Attribute Query requests

Steps

  • See subsequent topics for configuration steps.