Bridging an IdP to an SP - PingFederate

Bridging an IdP to an SP - PingFederate - 10.0

PingFederate Server

bundle

pingfederate-100

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.0

category

Product

pf-100

pingfederate

ContentType_ce

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 1 min read

PingFederate 10.0 Product Administration User task Software Deployment Method Product documentation Content Type Single Sign-on (SSO) Capability Administrator Audience SAML Standards, specifications, and protocols

In this use case, PingFederate is bridging SSO and SLO transactions between an identity provider and a service provider. For example, you may have a legacy IdP system that is only capable of sending SAML 1.1 assertions via POST. Your service provider however requires SAML 2.0 assertions via the artifact binding. With federation hub, you can configure PingFederate to consume inbound SAML 1.1 assertions (by POST), translate them to SAML 2.0 assertions, and send them via the artifact binding to the service provider.

Enable both the IdP and the SP roles with the applicable protocols on the System > Protocol Settings > Roles & Protocols screen.
Create a contract to bridge the attributes between the identity provider and the service provider (see Federation hub and authentication policy contracts).
Create an IdP connection between the identity provider and PingFederate (the federation hub as the SP) and add to the IdP connection the applicable authentication policy contract(s) on the Target Session Mapping screen.
Create an SP connection between PingFederate (the federation hub as the IdP) and the service provider and add to the SP connection the corresponding authentication policy contract on the Authentication Source Mapping screen.
Work with the identity provider to connect to PingFederate (the federation hub) as the SP.
Work with the service provider to connect to PingFederate (the federation hub) as the IdP.