Some browser single sign-on (SSO) use cases might require additional customizations in the assertions sent from the PingFederate identity provider (IdP) server to the service provider (SP), or in the authentication requests sent from the PingFederate SP server to the IdP. PingFederate can fulfill these use cases on a per-connection basis using OGNL expressions.

  1. Enable OGNL expressions by editing the org.sourceid.common.ExpressionManager.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
  2. Select the applicable SP or IdP connection.
  3. On the Activation & Summary window, scroll to the Protocol Settings section, and click Assertion Consumer Service URL for an SP connection, or click SSO Service URLs for an IdP connection.
  4. Click Show Advanced Customizations to customize the applicable message.

    The available customizable Message Types vary depending on your federation role (IdP or SP) as well as the protocol of the connection (SAML 1.x, SAML 2.0, and WS-Federation). After you select a message type, you have access to its list of Available Variables. You can customize the assertions or the authentication requests to fulfill your use case,
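
A check for step 1, added here as an example and not taken from the PingFederate documentation: it parses org.sourceid.common.ExpressionManager.xml and reports whether expression evaluation is turned on, which is useful both for confirming the edit and for auditing which nodes have OGNL enabled. The item name evaluateExpressions and the sample XML layout are assumptions to verify against your own installation.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of org.sourceid.common.ExpressionManager.xml. The item
# name "evaluateExpressions" and this layout are assumptions; compare them
# with the file shipped in your own installation.
SAMPLE_ENABLED = """<?xml version="1.0" encoding="UTF-8"?>
<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
    <c:item name="evaluateExpressions">true</c:item>
</c:config>
"""
SAMPLE_DISABLED = SAMPLE_ENABLED.replace(">true<", ">false<")


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def expressions_state(xml_text, item_name="evaluateExpressions"):
    """Return 'enabled', 'disabled', 'missing' or 'invalid' for the setting."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError:
        return "invalid"
    for elem in root.iter():
        if local_name(elem.tag) == "item" and elem.get("name") == item_name:
            value = (elem.text or "").strip().lower()
            if value in ("true", "false"):
                return "enabled" if value == "true" else "disabled"
            return "invalid"  # item present but not a boolean
    return "missing"  # no such item: treat as a finding to review by hand


def audit_file(path):
    """Read the config-store file at `path` and report the setting."""
    with open(path, encoding="utf-8") as fh:
        return expressions_state(fh.read())


if __name__ == "__main__":
    # Pass the path to the real file; with no argument, run on the sample.
    if len(sys.argv) > 1:
        print(audit_file(sys.argv[1]))
    else:
        print(expressions_state(SAMPLE_ENABLED))
```

Run it with the path to the file under <pf_install>/pingfederate/server/default/data/config-store as its only argument.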