The SSO service endpoint is a location to which PingFederate to send authentication requests when SSO is initiated at your site, according to partner requirements. It is applicable to all SAML versions when the SP-initiated SSO profile is enabled.

For SAML 2.0 connections, you associate bindings to the endpoints where your IdP partner wants PingFederate to send authentication requests when SSO is initiated at your site.

For SAML 1.x, only one endpoint is allowed, and the binding selection is not required.

Some federation use cases may require additional customizations in the authentication requests sent from the PingFederate SP server to the IdP, such as including the optional Extensions element in the authentication requests. You can use OGNL expressions to fulfill these use cases.

  1. Enter an SSO service endpoint.
    1. Enter the SSO service endpoint to the Endpoint URL field.
      You may enter a relative path (begin with a forward slash) if you have provided a base URL on the General Info screen.

      For SAML 1.x connections, this is the only configurable item on the SSO Service URL screen.

      The remaining steps on the SSO Service URLs screen are only applicable to SAML 2.0 connections.

    2. Select a SAML binding from the list; for example, POST.
    3. Click Add.
    4. Optional: Repeat to add additional SSO service endpoints.
  2. Optional: Customize messages using OGNL expressions.
    Note that expressions are not enabled by default. For more information about enabling and editing OGNL expressions, see Attribute mapping expressions. In addition, message customization is not applicable to SAML 1.x connection.
    1. Click Show Advanced Customizations.
    2. Select a message type from the list.
    3. Enter an OGNL expression to fulfill your use case.

      For more information about Message Type, available variables, and sample OGNL expressions, see Customizing assertions and authentication requests.

    4. Click Add.
    5. Optional: Repeat to add another message customization.