On the Service URL tab, enter the WS-Federation protocol endpoint of your service provider (SP) partner where PingFederate will send single sign-on (SSO) tokens and single logout (SLO) cleanup messages.
The SSO tokens are transmitted within a Request for Security Token Response (RSTR) message in response to a request for authentication from the SP. SLO cleanup messages are sent to your partner when PingFederate, as the identity provider (IdP), receives a user's SLO request. These cleanup messages indicate that the user's local session has been terminated.
To protect against session token hijacking, you can specify additional allowed domains and paths on this window. If the option to validate wreply for SLO is enabled, these additional domains and paths will also be taken into consideration as well. For more information, see Managing partner redirect validation.
Some federation use cases might require additional customizations in the RSTR message sent from the PingFederate IdP server to the SP. You can use OGNL expressions to fulfill these use cases.
If you are editing an existing connection, you can reconfigure any items, which might require additional configuration changes in subsequent tasks.