Product: PingFederate 10.0. User task: Administration. Deployment method: Software. Content type: Product documentation. Capability: Single Sign-on (SSO). Audience: Administrator. Standards, specifications, and protocols: SAML.
In this use case, PingFederate is bridging SSO and SLO transactions between an identity
provider and multiple service providers. For example, your company wants to route federation
requests from a recently acquired subsidiary through its federation infrastructure. With
PingFederate, you can multiplex one IdP connection to multiple SP connections to the desired
service providers. The federation hub consumes assertions from the subsidiary and creates
new assertions for the respective service providers.
1. Enable both the IdP and the SP roles with the applicable protocols on the System > Protocol Settings > Roles & Protocols screen.
2. For each service provider, create a contract to the identity provider (see Federation hub and authentication policy contracts). Multiple contracts are likely required, because each service provider may require a unique set of attributes.
3. Create an IdP connection between the identity provider and PingFederate (the federation hub as the SP) and add to the IdP connection the applicable authentication policy contract(s) on the Target Session Mapping screen.
4. For each service provider, create an SP connection between PingFederate (the federation hub as the IdP) and the service provider and add to the SP connection the corresponding authentication policy contract on the Authentication Source Mapping screen.
5. For each service provider supporting the SAML IdP-initiated SSO profile, map the expected target resources to the corresponding SP connections on the Service Provider > Target URL Mapping screen.
6. Work with the identity provider to connect to PingFederate (the federation hub as the SP).
7. Work with each service provider to connect to PingFederate (the federation hub as the IdP).
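A review aid for the mapping chain built in the steps above, added here as an example and not taken from the PingFederate documentation or product. It walks a constructed inventory of the hub and flags SP connections whose contract is missing from the IdP connection, cannot be fulfilled from the IdP assertion, carries attributes the service provider does not need, or lacks a target URL mapping for IdP-initiated SSO. The `HUB` layout, its field names, the finding labels and `audit_hub` are assumptions for illustration, not PingFederate's export format or admin API.

```python
# Constructed inventory of the hub setup described above. Field names are
# hypothetical; this is not PingFederate's export format or admin API.
HUB = {
    "idp_assertion_attrs": {"SAML_SUBJECT", "mail", "department"},
    # contract name -> {contract attribute: IdP assertion attribute}
    "contracts": {
        "hr": {"subject": "SAML_SUBJECT", "mail": "mail", "dept": "department"},
        "wiki": {"subject": "SAML_SUBJECT", "mail": "mail", "dept": "department"},
        "crm": {"subject": "SAML_SUBJECT", "region": "region"},
    },
    # contracts added to the IdP connection (Target Session Mapping)
    "idp_connection_contracts": {"hr", "wiki"},
    # SP connection -> contract (Authentication Source Mapping) and SP details
    "sp_connections": {
        "hr-app": {"contract": "hr", "needs": {"subject", "mail", "dept"},
                   "idp_initiated": True, "target_urls": ["https://hr.example.com/*"]},
        "wiki-app": {"contract": "wiki", "needs": {"subject", "mail"},
                     "idp_initiated": True, "target_urls": []},
        "crm-app": {"contract": "crm", "needs": {"subject", "region"},
                    "idp_initiated": False, "target_urls": []},
    },
}


def audit_hub(hub):
    """Return sorted (sp_connection, finding) pairs for the mapping chain."""
    findings = []
    for sp, cfg in hub["sp_connections"].items():
        name = cfg["contract"]
        mapping = hub["contracts"].get(name)
        if mapping is None:
            findings.append((sp, "contract-undefined"))
            continue
        if name not in hub["idp_connection_contracts"]:
            findings.append((sp, "contract-not-on-idp-connection"))
        attrs = set(mapping)
        for attr, source in mapping.items():
            if source not in hub["idp_assertion_attrs"]:
                findings.append((sp, f"unfulfilled:{attr}"))
        for attr in cfg["needs"] - attrs:
            findings.append((sp, f"missing:{attr}"))
        for attr in attrs - cfg["needs"]:  # released to the SP but not required
            findings.append((sp, f"over-released:{attr}"))
        if cfg["idp_initiated"] and not cfg["target_urls"]:
            findings.append((sp, "no-target-url-mapping"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_hub(HUB), sep="\n")
```

The `over-released` finding is the case the second step guards against: the constructed `wiki` contract reuses the `hr` attribute set, so the hub would re-issue `dept` to a service provider that never asked for it.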