SSO integration concepts
PingFederate supports both identity provider (IdP) and service provider (SP) integration.
For an IdP, the first step in the integration process involves sending identity attributes from an authentication service or application to PingFederate. PingFederate uses those identity attributes to generate a SAML assertion. For information about SAML, see Supported standards. IdP integration typically provides a mechanism through which PingFederate looks up a user’s current authenticated session data, such as a cookie, or authenticate a user without such a session.
For an SP, the last step of the integration process involves sending identity attributes from PingFederate to the target application. PingFederate extracts the identity attributes from the incoming SAML assertion and sends them to the target application to set a valid session cookie or other application-specific security context for the user.
The following diagram illustrates the basic concepts of integration with PingFederate.