Specifying federation information
Federation information identifies your federation deployment to your partners, according to the protocols you support.
About this task
You must provide an ID that uniquely identifies your federation gateway for each protocol you support. For WS-Trust security token service (STS), IDs are required for both SAML 2.0 and SAML 1.x, regardless of browser-based single sign-on (SSO) protocol support or the type of token expected to be issued, to ensure that the STS will perform correctly under all conditions.
Each ID normally applies across all connection partners for a given protocol. However, if your implementation requires different IDs for the same protocol, you can use virtual server IDs. For more information, see Federation planning checklist.
Steps
- Go to System → Server to open the Protocol Settings window.
- On the Federation Info tab, provide the required information.
For more information, see the following table.
| Field | Description |
| --- | --- |
| Base URL | The fully qualified host name, port, and path (if applicable) on which the PingFederate server runs. This field is used to populate configuration settings in metadata files. For more information, see Metadata export. |
| SAML 2.0 Entity ID | This ID defines your organization as the entity operating the server for SAML 2.0 transactions. It is usually defined as an organization’s URL or a DNS address, for example: pingidentity.com. The SAML SourceID used for artifact resolution is derived from this ID using SHA1. |
| SAML 1.x Issuer/Audience | This ID identifies your federation server for SAML 1.x transactions. As with SAML 2.0, it is usually defined as an organization’s URL or a DNS address. The SourceID used for artifact resolution is derived from this ID using SHA1. |
| SAML 1.x Source ID | (Optional) If supplied, the Source ID value entered here is used for SAML 1.x, instead of being derived from the SAML 1.x Issuer/Audience. |
| WS-Federation Realm | The URI of the realm associated with the PingFederate server. A realm represents a single unit of security administration or trust. |
- Click Next and continue with the rest of the configuration.
When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.
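The SourceID derivation described for the SAML 2.0 Entity ID and SAML 1.x fields can be checked outside the product. The following is an added example, not PingFederate code: it derives the SourceID from an entity ID with SHA-1, parses the standard SAML artifact layouts (type 0x0004 for SAML 2.0, type 0x0001 for SAML 1.x), and maps an artifact back to a partner. The partner table, the `https://sp.example.org` entry with its explicit Source ID, and the fixed handle are constructed sample values.

```python
import base64, hashlib, hmac, struct
from typing import Optional

def source_id(entity_id: str) -> bytes:
    """20-byte SourceID: SHA-1 digest of the entity ID string."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()

def build_artifact(entity_id: str, handle: bytes, endpoint_index: int = 0) -> str:
    """SAML 2.0 type 0x0004: TypeCode | EndpointIndex | SourceID | MessageHandle."""
    if len(handle) != 20:
        raise ValueError("MessageHandle must be 20 bytes")
    raw = struct.pack(">HH", 0x0004, endpoint_index) + source_id(entity_id) + handle
    return base64.b64encode(raw).decode("ascii")

def parse_artifact(b64: str) -> dict:
    """Split a type 0x0004 (SAML 2.0) or 0x0001 (SAML 1.x) artifact into fields."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 2:
        raise ValueError("artifact too short")
    (type_code,) = struct.unpack(">H", raw[:2])
    if type_code == 0x0004 and len(raw) == 44:
        (index,) = struct.unpack(">H", raw[2:4])
        return {"type": 4, "endpoint_index": index,
                "source_id": raw[4:24], "handle": raw[24:]}
    if type_code == 0x0001 and len(raw) == 42:
        return {"type": 1, "endpoint_index": None,
                "source_id": raw[2:22], "handle": raw[22:]}
    raise ValueError("unsupported type code or wrong length")

def issuer_for(b64: str, partners: dict) -> Optional[str]:
    """Return the partner whose SourceID matches the artifact, else None.

    partners maps entity ID -> explicit Source ID bytes, or None to derive it
    from the entity ID (mirrors the optional SAML 1.x Source ID field).
    """
    sid = parse_artifact(b64)["source_id"]
    for entity_id, override in partners.items():
        expected = override if override is not None else source_id(entity_id)
        if hmac.compare_digest(sid, expected):
            return entity_id
    return None

# Constructed sample data: partner table and a fixed (non-random) handle.
PARTNERS = {"pingidentity.com": None, "https://sp.example.org": bytes(20)}
SAMPLE = build_artifact("pingidentity.com", bytes(range(20)))

if __name__ == "__main__":
    print(parse_artifact(SAMPLE)["source_id"].hex(), issuer_for(SAMPLE, PARTNERS))
```

The SourceID only selects which partner's artifact resolution service applies, so an artifact whose SourceID matches no configured partner should be rejected rather than resolved against a default.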