Some Browser SSO use cases may require additional customizations in the assertions sent from the PingFederate IdP server to the SP or the authentication requests sent from the PingFederate SP server to the IdP. PingFederate is capable of fulfilling these use cases on a per-connection basis using OGNL expressions.

  1. If you have not already done so, enable OGNL expressions by editing the org.sourceid.common.ExpressionManager.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
  2. Select the applicable SP or IdP connection.
  3. On the Activation & Summary page, scroll down to the Protocol Settings section, and click Assertion Consumer Service URL for an SP connection, or click SSO Service URLs for an IdP connection.
  4. Click Show Advanced Customizations to begin customizing the applicable message.
    The Message Types available for customization vary depending on your federation role (IdP or SP) and on the protocol of the connection (SAML 1.x, SAML 2.0, or WS-Federation). Once a message type is selected, you have access to a list of the Available Variables. By calling methods on these variables, you can customize the assertions or the authentication requests to fulfill your use case.