• Configure PingFederate to authenticate against an identity provider (IdP) or datastore containing the users requiring application access.
  • Exchange PingFederate’s X.509 certificate with SumoLogic so that SumoLogic can verify the signature on SAML assertions.
  • An email attribute is required in the assertion, either the SAML Subject or another SAML attribute per the SAML configuration. The value of the email attribute must be a valid email address. It is used to uniquely identify the user in the organization.
  • Populate SumoLogic with at least one user to test access.
  1. Create a PingFederate service provider (SP) connection for SumoLogic:
    1. Sign on to the PingFederate admin console.
    2. Configure the connection using the Browser SSO profile with SAML 2.0.
    3. Set Partner’s Entity ID to https://service.eu.sumologic.com/.
    4. Enable the following SAML Profiles:
      • IdP-Initiated SSO
      • SP-Initiated SSO
    5. In Assertion Creation: Attribute Contract, select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
    6. In Assertion Creation: Authentication Source Mapping: Authentication Source Mapping, map a new Adapter Instance > HTML Form.
    7. In Assertion Creation: Authentication Source Mapping: Attribute Contract Fulfilment, map SAML_SUBJECT.
    8. In Protocol Settings: Assertion Consumer Service URL, set Binding to POST and set Endpoint URL to https://service.eu.sumologic.com/sumo/saml/consume/596910108. This value comes from SumoLogic: copy the Assertion Consumer Service URL shown for the SumoLogic SAML configuration and update the endpoint to match.
    9. In Protocol Settings: Allowable SAML Bindings, enable POST.
    10. In Credentials: Digital Signature Settings, select the PingFederate Signing Certificate.
    11. Save the configuration.
    12. Export the signing certificate.
    13. Export and then open the metadata file and copy the value of:
      • The entityID
      • The Location entry (https://<your value>/idp/SSO.saml2)
  2. Add the PingFederate IdP Connection to SumoLogic:
    1. Sign on to the SumoLogic application.
      Note: In this example, we have registered and logged in using trial mode.
      Screen capture of SumoLogic dashboard.
    2. Go to Administration > Security > SAML.
      Screen capture of the SumoLogic Configuration List.
    3. Click Add Configuration.
      Screen capture of SumoLogic Add Configuration page.
    4. Add the following values:
      • Configuration Name: ‘pingfed’
      • Select the Debug Mode check box.
      • Issuer: The PingFederate Issuer value.
      • X.509 Certificate: Copy PingFederate’s X.509 certificate here for verifying the signature.
      • Attribute Mapping: Select Use SAML Subject.
      • Optional Settings: Leave the default settings.
      • Click Add.
      • Enable Require SAML Sign In.
      Screen capture of the SumoLogic Configuration List with pingfed added as a configuration.
    5. Select the pingfed configuration you have just created and copy the Assertion Consumer Service URL.
      Screen capture of the SumoLogic Configuration List page with pingfed selected.
    6. To enable SP-initiated SSO, select the pingfed configuration and click the Pencil icon above the ACS URL.
    7. Select the SP Initiated Login Configuration check box and enter the following values:
      • Login Path: enter a unique identifier for your organization. You can specify any alphanumeric string (with no embedded spaces), provided that it is unique to your organization. You can't configure a Login Path that another Sumo customer has already configured.
      • Authn Request URL: enter the URL that the IdP has assigned for SumoLogic to submit SAML authentication requests to the IdP. For example, https://<idp server hostname>:9031/sso/idp/SSO.saml2
      • Select Binding Type: Post.
      Screen capture of SumoLogic pingfed editing section.
    8. Click Save.
    9. Click the saved pingfed configuration again and make note of the Authentication Request and EntityID URLs.
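
An added troubleshooting check, not part of the original guide or of either vendor's tooling: it decodes a SAMLResponse captured from a test login and compares it with the values configured in the steps above (ACS URL, Partner's Entity ID, IdP issuer, email-shaped SAML Subject). The sample response and the idp.example.com entityID are constructed placeholders, and the signature test only checks that a signature is present.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SP_ENTITY_ID = "https://service.eu.sumologic.com/"  # Partner's Entity ID (step 1.3)
ACS = "https://service.eu.sumologic.com/sumo/saml/consume/596910108"  # step 1.8
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # coarse shape check only

def check_response(b64_response, acs_url, idp_entity_id):
    """Return mismatches between a decoded SAMLResponse and the SSO settings."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    if assertion.findtext("a:Issuer", "", NS).strip() != idp_entity_id:
        problems.append("Issuer does not match the IdP entityID")
    audiences = [e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not contain the SP entity ID")
    name_id = assertion.findtext("a:Subject/a:NameID", "", NS).strip()
    if not EMAIL_RE.match(name_id):
        problems.append("SAML Subject is not an email address")
    # Presence check only: the signature is not validated cryptographically here.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither the response nor the assertion is signed")
    return problems

# Constructed sample, not a real capture; idp.example.com is a placeholder entityID.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
<a:Assertion><a:Issuer>idp.example.com</a:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<a:Subject><a:NameID>{subject}</a:NameID></a:Subject><a:Conditions>
<a:AudienceRestriction><a:Audience>{aud}</a:Audience></a:AudienceRestriction>
</a:Conditions></a:Assertion></p:Response>"""

def encode(subject):
    """Build the base64 form the POST binding carries, from the constructed sample."""
    return base64.b64encode(SAMPLE.format(acs=ACS, subject=subject, aud=SP_ENTITY_ID).encode())

if __name__ == "__main__":
    print(check_response(encode("jdoe"), ACS, "idp.example.com"))
```

An empty list means the response agrees with the configured values; run it only on responses from your own test logins, since the standard-library XML parser is not hardened for untrusted input.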