PingFederate Server

Configuring back-channel authentication for outbound messages

You can add and edit configuration settings for back-channel authentication for outbound messages.

Steps

On the Back-Channel Authentication tab, in the Send to your partner section, click Configure.

+ On the Outbound SOAP Authentication Type tab, choose one or more authentication methods.

HTTP Basic

When selected, the administrative console prompts you to enter the credentials on the Basic SOAP Authentication (Outbound) tab.You must obtain these credentials from your partner.

SSL Client Certificate

Applicable only if you specify an endpoint that uses HTTPS.When selected, the administrative console prompts you to specify your client certificate on the SSL Authentication Certificate tab. If you have not yet created or imported the client certificate, click Manage Certificates to do so. For more information, see Manage SSL client keys and certificates.

When exporting this client certificate for your partner, choose the Certificate Only option.

Digital Signature (Browser SSO profile only)

You select a signing certificate on the Digital Signature Settings tab.This option leverages on the digital signature of the message.

Perform validation on partner’s SSL server certificate when SSL used

By default, PingFederate validates your partner’s HTTPS server certificate, verifying that the certificate chain is rooted by a trusted certificate authority (CA) and that the hostname matches the certificate’s common name (CN).Clear the associated check box if you do not want this validation to occur.

These options can be used in any combination or independently.

  1. On the Summary tab, review your configuration and perform one of the following tasks:

    Choose from:

    • Amend your configuration by clicking the corresponding tab title, then follow the configuration wizard to complete the task.

    • Keep your changes by clicking Done and continue with the rest of the configuration.

      When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.

    • Discard your changes by clicking Cancel.