Configuring back-channel authentication (SAML) - PingFederate

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 1 min read

PingFederate 10.0 Product Configuration User task Single Sign-on (SSO) Capability Software Deployment Method Product documentation Content Type Administrator Audience SAML Standards, specifications, and protocols

Depending on your Browser SSO use cases, the administrative console prompts you to configure authentication requirements for inbound messages, outbound messages, or both. Refer to the following table for more information.

Use case	Back-channel authentication requirements	Back-channel messages
A connection is configured with a SAML ACS endpoint that uses the artifact binding on the Protocol Settings > Assertion Consumer Service URL screen.	Inbound	Artifact resolution requests
A connection is configured with a SAML 2.0 SLO endpoint that uses the artifact binding on the Protocol Settings > SLO Service URLs screen	Inbound	Artifact resolution requests SOAP messages
A connection is configured with a SAML 2.0 SLO endpoint that uses the SOAP binding on the Protocol Settings > SLO Service URLs screen	Outbound	SOAP SLO messages
The SAML 2.0 Artifact binding is enabled on the Protocol Settings > Allowable SAML Bindings screen	Outbound	Outbound artifact resolution requests
The SOAP binding is enabled on the Protocol Settings > Allowable SAML Bindings screen	Inbound	Inbound SOAP messages
The SAML 2.0 Attribute Query profile is enabled on the Connection Options screen	Inbound	Inbound Attribute Query requests

Refer to subsequent topics for configuration steps.

Configuring back-channel authentication (SAML) - PingFederate - 10.0

PingFederate Server