Defining artifact resolver locations (SAML)
When you enable the artifact binding as one of the allowable bindings on the Allowable SAML Bindings tab, you must provide an artifact resolution service (ARS) endpoint.
About this task
The ARS endpoint is the location where PingFederate sends back-channel requests to resolve artifacts received from the identity provider (IdP).
SAML 2.0 connections allow multiple ARS endpoints. For SAML 1.x connections, you can only enter one ARS endpoint.
Steps
- Enter an ARS endpoint.
  - Enter the ARS endpoint URL.
    You can enter a relative path, starting with a forward slash, if you provide a base URL on the General Info tab.
    Result: If you are configuring a SAML 1.x connection, you can only enter one ARS endpoint on the Artifact Resolver Location tab.
  - Optional: Enter an integer in the Index field for this ARS endpoint.
    This is applicable only to SAML 2.0 connections.
    The administrative console automatically assigns an index value for each ARS endpoint, starting from 0. If you want to define your own index values, you must make sure the index values are unique.
  - Click Add.
  - Optional: Repeat to add additional ARS endpoints.
    This is applicable only to SAML 2.0 connections.
    When specifying multiple ARS endpoints, each endpoint must share the same transport protocol. That is, if one endpoint uses HTTPS, then all must use HTTPS. Similarly, if one endpoint uses HTTP, then all must use HTTP.
- Optional: Enter your partner’s source ID.
  The source ID is usually a generated value based on a federation partner’s connection ID; the PingFederate service provider (SP) server will correctly generate the source ID. If that is the case for this partner, then leave this field blank. If your partner uses a Source ID that is not based on the Issuer ID, then enter the Source ID supplied by your IdP partner.
Result
You can reconfigure any ARS endpoint or the source ID value for SAML 1.x if you are editing an existing connection.
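The following added example (not PingFederate code or part of the original documentation) checks a planned SAML 2.0 ARS endpoint list against the rules in the steps above, then shows how the index and source ID inside an artifact select one of those endpoints. It assumes the type 0x0004 artifact layout and the SHA-1-of-entity-ID source ID from the SAML 2.0 bindings specification; all function names, URLs and the sample artifact are constructed for illustration.

```python
import base64, hashlib, struct
from urllib.parse import urlparse

def check_endpoints(endpoints, base_url=None):
    """endpoints: list of (index, url). Returns a list of problems found."""
    problems, schemes, seen = [], set(), set()
    for index, url in endpoints:
        if index in seen:
            problems.append(f"duplicate index {index}")
        seen.add(index)
        if url.startswith("/"):  # relative path is only valid with a base URL
            if not base_url:
                problems.append(f"{url}: relative path but no base URL")
                continue
            url = base_url.rstrip("/") + url
        scheme = urlparse(url).scheme.lower()
        if scheme not in ("http", "https"):
            problems.append(f"{url}: not an HTTP(S) URL")
        schemes.add(scheme)
    if len(schemes) > 1:
        problems.append("endpoints mix transport protocols: " + ", ".join(sorted(schemes)))
    return problems

def parse_artifact(b64_artifact):
    """Split a SAML 2.0 type 0x0004 artifact into (index, source ID, handle)."""
    raw = base64.b64decode(b64_artifact, validate=True)
    if len(raw) != 44 or raw[:2] != b"\x00\x04":
        raise ValueError("not a 44-byte type 0x0004 artifact")
    (endpoint_index,) = struct.unpack(">H", raw[2:4])
    return endpoint_index, raw[4:24], raw[24:44]

def default_source_id(entity_id):
    # Spec default: SHA-1 of the issuer's entity ID (assumption, see lead-in)
    return hashlib.sha1(entity_id.encode("utf-8")).digest()

def resolve(b64_artifact, entity_id, endpoints):
    """Return the ARS URL the artifact points at, or raise if nothing matches."""
    index, source_id, _handle = parse_artifact(b64_artifact)
    if source_id != default_source_id(entity_id):
        raise ValueError("source ID is not derived from the entity ID; enter the partner's source ID")
    by_index = dict(endpoints)
    if index not in by_index:
        raise ValueError(f"no ARS endpoint configured with index {index}")
    return by_index[index]

# Constructed sample data: hypothetical IdP, two endpoints, artifact for index 1
IDP = "https://idp.example.com"
ENDPOINTS = [(0, "https://idp.example.com/ars0"), (1, "https://idp.example.com/ars1")]
SAMPLE = base64.b64encode(struct.pack(">HH", 4, 1) + default_source_id(IDP) + bytes(range(20))).decode()
```

A mismatch raised by `resolve` corresponds to the two cases the steps call out: an artifact index with no matching endpoint entry, or a partner whose source ID has to be entered manually.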