PingFederate can be configured as a federation hub to:

  • Bridge partners using different federation protocols to circumvent partner or application limitations.
  • Multiplex a connection for multiple partners to reduce costs and expand use cases.

As a federation hub, PingFederate can bridge browser-based SSO between identity providers and service providers. It stands in the middle of the SSO and SLO flow, acting as the SP for the identity providers and as the IdP for the service providers. The four use cases are:

  • Bridging an IdP to an SP
  • Bridging an IdP to multiple SPs
  • Bridging multiple IdPs to an SP
  • Bridging multiple IdPs to multiple SPs

PingFederate also supports protocol translation among SAML 1.0, 1.1, 2.0, OpenID Connect, and WS-Federation. For SAML based connections, this also means it is possible to bridge between various bindings between identity providers and service providers.

The federation hub capability can be deployed alongside with other OAuth use cases, IdP connections, SP connections, or any combination of them, to your partners. This flexibility helps in streamlining your federation infrastructure and reducing operating costs.