When the artifact binding is enabled is enabled as one of the allowable bindings on the Allowable SAML Bindings screen, you must provide an artifact resolution service (ARS) endpoint. This is the location where PingFederate sends back-channel requests to resolve artifacts received from the IdP.

SAML 2.0 connections allows multiple ARS endpoints. For SAML 1.x connection, you can only enter one ARS endpoint.

  1. Enter an ARS endpoint.
    1. Enter the ARS endpoint URL.
      You may enter a relative path (begin with a forward slash) if you have provided a base URL on the General Info screen.

      If you are configuring a SAML 1.x connection, you can only enter one ARS endpoint on the Artifact Resolver Location screen.

    2. Optional: Enter an integer to the Index field for this ARS endpoint.
      (Applicable only to SAML 2.0 connections.)

      The administrative console automatically assigns an index value for each ARS endpoint, starting from 0. If you want to define your own index values, you must make sure the index values are unique.

    3. Click Add.
    4. Optional: Repeat to add additional ARS endpoints.
      (Applicable only to SAML 2.0 connections.)
      Note:

      When specifying multiple ARS endpoints, each endpoint must share the same transport protocol. That is, if one endpoint uses HTTPS, then all must use HTTPS. Similarly, if one endpoint uses HTTP, then all must use HTTP.

  2. Optional: Enter your partner's source ID.
    The source ID is usually a generated value based on a federation partner's connection ID; the PingFederate SP server will correctly generate the source ID. If that is the case for this partner, then leave this field blank. If your partner uses a Source ID that is not based on the Issuer ID, then enter the Source ID supplied by your IdP partner.

If you are editing an existing connection, you may reconfigure any ARS endpoint (or the source ID value for SAML 1.x).