PingOne for Enterprise

Integrate an application hosted on multiple URLs

About this task

If your application is hosted on multiple URLs, you can send users to any one of these URLs after they authenticate.

Use the appurl parameter to redirect users to your application. The appurl parameter is a URL in your domain to which the user is redirected after authenticating. Use this to override the Default Application URL value set on the Create connections page. Unlike a Default Application URL value, for appurl you cannot use a non-SSL URL for a test or development environment. Instead, you can use only SSL. If you specify a value here, you must have a matching value for the Hostname or Domainname entry on the Create connections page.

You can use either of the following approaches to integrate an application hosted on multiple URLs:

Steps

  • Do the PingOne token exchange processing for each URL. This is necessary if you cannot create a user session until you are at that URL. See Process the PingOne SSO for SaaS Apps token exchange for instructions.

    1. When you start SSO, each URL is then the value of the appurl parameter.

      Example:

      For example, if one of the URLs is https://acme.example.com/sso, starting SSO might look like this (URL-encoded):

         https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=saasId&idpid=idpId&appurl=https%3A%2F%2Facme.example.com%2Fsso
  • Do the PingOne token exchange processing at a single place in your application, and then redirect to a different URL after creating the user session. This is only possible if you can create a valid user session outside of that URL (such as, when there’s no subdomain restriction).

    1. Create a location to process the token exchange. For example, assuming all of the URLs are in an example.com subdomain (such as, example.com/acme/home), you might implement token exchange processing at https://example.com/finish-sso.

    2. Use the redirect_to parameter to form a URL-encoded value as the redirect.

      Example:

      For example, the redirect might look like this:

         https://example.com/finish-sso?redirect_to=https%3A%2F%2Facme.example.com%2Fsso
    3. To start SSO, use this redirect as the value of the appurl parameter.

      Use "%3F" before the redirect_to parameter.

      Example:

      For example:

         https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=saasId&idpid=idpId&appurl=https%3A%2F%2Fexample.com%2Ffinish-sso%3Fredirect_to%3Dhttps%253A%252F%252Facme.example.com%252Fsso