Customizing assertions and authentication requests
Customize the applicable messages by enabling OGNL expressions and then opening the connection's URL window to access the Show Advanced Customizations option.
About this task
Some browser single sign-on (SSO) use cases might require additional customizations in the assertions sent from the PingFederate identity provider (IdP) server to the service provider (SP), or in the authentication requests sent from the PingFederate SP server to the IdP. PingFederate can fulfill these use cases on a per-connection basis using OGNL expressions.
Steps
- Enable OGNL expressions by editing the org.sourceid.common.ExpressionManager.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
- Select the applicable SP or IdP connection.
- On the Activation & Summary window, scroll to the Protocol Settings section, and click Assertion Consumer Service URL for an SP connection, or click SSO Service URLs for an IdP connection.
- Click Show Advanced Customizations to customize the applicable message.
The available customizable Message Types vary depending on your federation role (IdP or SP) as well as the protocol of the connection (SAML 1.x, SAML 2.0, and WS-Federation). After you select a message type, you have access to its list of Available Variables. You can customize the assertions or the authentication requests as needed.
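A check for whether step 1 is in effect on a given installation, as an added example that is not part of the PingFederate documentation: it reads the file named in step 1 and reports whether expression evaluation is on. The `evaluateExpressions` item name, the sample XML layout and namespace, and the function names are assumptions.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Directory and file name come from step 1; the item name is an assumption.
CONFIG_DIR = Path("pingfederate/server/default/data/config-store")
CONFIG_FILE = "org.sourceid.common.ExpressionManager.xml"
ITEM_NAME = "evaluateExpressions"  # assumed name of the on/off setting

# Constructed sample of the file's layout (assumed), with expressions off.
SAMPLE = (
    '<c:config xmlns:c="http://www.sourceid.org/2004/05/config">\n'
    '    <c:item name="evaluateExpressions">false</c:item>\n'
    '</c:config>\n'
)


def ognl_state(xml_data):
    """Return 'enabled', 'disabled' or 'unknown' for the file content."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return "unknown"
    for element in root.iter():
        # Compare local names so any namespace prefix is accepted.
        local_name = element.tag.rsplit("}", 1)[-1]
        if local_name == "item" and element.get("name") == ITEM_NAME:
            value = (element.text or "").strip().lower()
            return {"true": "enabled", "false": "disabled"}.get(value, "unknown")
    return "unknown"


def audit(pf_install):
    """Check the ExpressionManager file under a <pf_install> directory."""
    path = Path(pf_install) / CONFIG_DIR / CONFIG_FILE
    if not path.is_file():
        return "unknown"
    return ognl_state(path.read_bytes())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        state = audit(sys.argv[1])
    else:
        state = ognl_state(SAMPLE)  # no path given: use the constructed sample
    print(f"OGNL expression evaluation: {state}")
    # Non-zero exit when enabled, so a baseline check can flag the host.
    sys.exit(1 if state == "enabled" else 0)
```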