As an SP, you manage connection settings to support the exchange of federation-protocol messages (OpenID Connect, SAML, WS-Federation, or WS-Trust) with an IdP, OAuth client, OpenID Provider (OP), or STS client application at your site.
- User attributes that you expect to receive in an SSO token (SAML assertion or WS-Trust STS SAML token).
- User attributes that you expect the OP to return in an ID token or through its user information (UserInfo) endpoint on demand.
- User attributes that may be requested using the SAML Attribute Query profile (if that profile is used).
- The protocol, profiles, and bindings of the connection, including detailed security specifications (the use of back-channel authentication, digital signatures, signature verification, and XML encryption).
To establish a connection, you and your partner must have agreed on this information in advance (see Federation planning checklist).
As an SP, you respond to user requests for SSO and SLO by creating or closing user sessions, respectively, in local applications. You integrate these applications with PingFederate by configuring them with SP adapter instances. Furthermore, in preparation for configuring a new SSO connection, you need to know which adapter instance or authentication policy contract to use (see Managing target session mappings).
(No adapter instance or authentication policy contract is required for a connection that uses only the Attribute Query profile. For more information, see Manage Attribute Query profile.)
If you intend to pass attribute values to an adapter instance from a local datastore, you must define the datastore during this configuration, if you have not done so already (see Managing datastores).
You manage connection settings using the IdP Connection wizard, which organizes the settings into a series of primary tasks. Some primary tasks have one or more levels of sub tasks. Each primary or sub task has its own screen, where you manage one or more settings. You may move to a sibling task using the Next or Previous button. If you are on a sub task, you may also move to its parent task using the Done button.
When creating a new connection, you may save your progress using the Save Draft button. Note that not all screens offer this option. When you reach the Activation & Summary screen, you must click Save to complete the new connection.
When editing an existing connection, you may make changes and then click Save to commit your changes. In other words, you are not required to step through all screens to reach the Activation & Summary screen before you can save your changes.
The Save button is available on most screens. If a screen does not show a Save button, click Next or Done until you reach a screen where you can use its Save button to commit your changes.