PingFederate 10.0 Product Administration User task Software Deployment Method Product documentation Content Type Single Sign-on (SSO) Capability Administrator Audience SAML Standards, specifications, and protocols
In this use case, PingFederate is bridging SSO and SLO transactions between an identity
provider and a service provider. For example, you may have a legacy IdP system that is only
capable of sending SAML 1.1 assertions via POST. Your service provider however requires SAML
2.0 assertions via the artifact binding. With federation hub, you can configure PingFederate
to consume inbound SAML 1.1 assertions (by POST), translate them to SAML 2.0 assertions, and
send them via the artifact binding to the service provider.
Enable both the IdP and the SP roles with the applicable protocols on the System > Protocol Settings > Roles & Protocols screen.
Create an IdP connection between the identity provider and PingFederate (the federation
hub as the SP) and add to the IdP connection the applicable authentication policy
contract(s) on the Target Session Mapping screen.
Create an SP connection between PingFederate (the federation hub as the IdP) and the
service provider and add to the SP connection the corresponding authentication policy
contract on the Authentication Source Mapping screen.
Work with the identity provider to connect to PingFederate (the federation hub) as the
SP.
Work with the service provider to connect to PingFederate (the federation hub) as the
IdP.