SAML 2.0 and PingAccess templates - PingCentral - 2.0

PingCentral

bundle
pingcentral-20
ft:publication_title
PingCentral
Product_Version_ce
PingCentral 2.0
category
Administrator
Audience
Developer
Product
Troubleshootingtask
Usertask
pc-20
pingcentral
ContentType_ce

Add, update, or delete SAML and PingAccess templates to meet your needs, or revert them to previous versions, as necessary.

To add a SAML or PingAccess template, select a configuration to replicate. PingCentral retrieves this configuration and saves it as a template, which serves as a building block for future applications.

Adding SAML application templates

  1. All templates are listed on the Templates page. To add a new template, click Add Template.
  2. On the Integration Type page, select SAML. Click Next.
  3. On the Select SAML Connection page, select the PingFederate environment that hosts the connection you want to use as a template, and then select the connection from the Connection list.
    Note:

    If an environment is offline or if a PingCentral administrator has set the environment status to Disabled, you will be unable to select a disabled environment for template creation.

    Details regarding the connection display.


    This example shows the information that displays when a SAML connection is selected.
  4. To see the JSON for the SAML connection, click Review Configuration.
  5. On the Name Template page, add a name and description for your template.

    This information will help application owners select the appropriate template.

  6. Select an icon to represent your template.

    The icon you choose is shown with the template name and description.

  7. Optional: If multiple authentication policy contracts exist in the underlying connection, choose the desired contract from the Authentication Policy Contracts list.
  8. Click Save and Close.

    You see the new template in the list of available application templates. Application owners see the new template on the Select Template page.


    This example shows the Select Template screen, which lists the templates available for application owners to use.

    For SAML SP connection templates, the following items are saved:

    • Connection information
    • Attribute names and, if applicable, attribute sources defined in the associated authentication policy contract

Adding PingAccess application templates

  1. All templates are listed on the Templates page. To add a new template, click Add Template.
  2. On the Integration Type page, select PingAccess. Click Next.
  3. On the Select PingAccess Application page, in the Environment list, select the PingAccess environment that hosts the application you want to use as a template.
  4. In the Application list, select the application.

    The application details display next to the Application list.


    This example shows the information that displays when a Web + API application is selected on the Select PingAccess Application page. This information includes Description, Virtual Hosts, Context Root, Application Type, Destination Type, Site, Access Validation, Web Session, Client ID, API Identity Mapping, Web Identity Mapping, Resources, and Rules.
  5. To see the JSON for the PingAccess application, click Review Configuration.
  6. On the Name Template page, add a name and description for your template.

    This information helps application owners select the appropriate template.

  7. Select an icon to represent your template.

    The icon you choose is shown with the template name and description.

  8. Click Save and Close.

    You see the new template in the list of available application templates. Application owners can see the new template on the Select Template page.


    A screen capture showing the Select Template page, which lists the templates available for application owners to use. The displayed available templates are Public Application, Internal Application (and Partners), Access Control Policy, Existing Application. Public Application is an OpenID Connect template. Internal Application (and Partners) is an OAuth template. Access Control Policy is a PingAccess template. The screen capture also shows a tip bar for how to choose the right template.

    For PingAccess applications, the following items are saved:

    • Virtual host information
    • The context root
    • Application type (Web, API, or Web + API)
    • Destination type (site or agent)
    • Web session information
    • Identity mappings
    • Resource definitions
    • The rules with the application and resource policies

Updating SAML and PingAccess templates

Applications based on outdated templates have Outdated Template icons associated with them, which inform application owners of changes.

  1. To update a SAML or PingAccess template, click the Expand icon associated with the template.
  2. If the template is based on an outdated configuration, you can click the Sync button to sync the template with the latest configuration available.
  3. Click the Pencil icon.

    All of the editable information is on one page.

  4. Update the information in the Name and Description fields or select a new icon to represent the template.
  5. Click Save.

Reverting templates to previous versions

The history of each template is available to review and compare with previous versions. You can see which administrator modified the template configuration or policy contract, when it was modified, and details regarding these modifications. You can revert templates to previous versions if necessary.

  1. To review the template history, click the Expand icon associated with the template, and then click the History tab.
  2. Click the Details link associated with each template version to see its configuration.
  3. To restore this version as the current version, click Restore This Version.
    A new version of the template is created that matches the configuration of the version that you want to restore.
    Attention: The template revision numbers increment on a system-wide level, not on a per-template basis. So the first time any template in PingCentral is changed, it will have a revision of 1. A change made to a completely different template results in a revision of 6, and so forth. Reverting a template generates another revision, which again increments on a system-wide basis.