PingFederate Server

Choosing an SP connection type

You can manually create service provider (SP) connections in PingFederate using browser single sign-on (SSO), WS-Trust security token service (STS), outbound provisioning, or any combination thereof.

About this task

If you are not using a connection template, which pre-configures browser-based SSO, indicate on the Connection Type tab whether the connection to this partner is for Browser SSO, WS-Trust STS, outbound provisioning, or any combination of them.

You can add STS, OAuth, and outbound provisioning support to any existing SSO connection, or vice versa, at any time.

If your partner’s deployment supports multiple protocols and you intend to communicate using more than one, you must set up a separate connection for each protocol. Each connection must use a unique (partner) connection ID.

Steps

  1. Go to Applications → Integration → SP Connections.

  2. Click Create Connection.

  3. Select Do not use a template for this connection.

  4. To configure a connection for secure browser-based SSO, select the Browser SSO Profiles check box.

    If you are not using a connection template, you must select the applicable protocol from the list when establishing a new connection.

    For a WS-Federation connection, select the desired token type: SAML 1.1, SAML 2.0, or JWT (JSON Web Token).

    For information about creating a SAML application, see Configuring a SAML application in PingFederate.

    If you are creating a WS-Federation connection to Microsoft Windows Azure Pack, select JWT as the token type.

    PingFederate can encrypt the subject and attributes of SAML 2.0 assertions.

    For information about configuring encryption policies on a PingFederate identity provider (IdP), see Configuring XML encryption policy (SAML 2.0).

    For information about configuring encryption policies on a PingFederate SP, see Specifying XML encryption policy (for SAML 2.0).

  5. Optional: Choose one or both of the following depending on your configuration needs.

    Connection Template      Step

    WS-Trust STS             Select the WS-Trust STS check box.

    Outbound Provisioning    Select Outbound Provisioning and then select the provisioning type from the list.

  6. If your PingFederate license manages connections by groups, select a license group for this connection.

    This option is not shown for unrestricted or other types of licenses.

  7. To save your settings, click Next.