The single sign-on (SSO) service endpoint is where PingFederate sends requests when SSO is initiated at your site according to partner requirements. It applies to all SAML versions when the service provider (SP)-initiated SSO profile is enabled.
For SAML 2.0 connections, associate bindings to the endpoints where your identity provider (IdP) partner wants PingFederate to send authentication requests when SSO is initiated at your site.
For SAML 1.x, only one endpoint is allowed, and the binding selection is not required.
Some federation use cases might require additional customizations in the authentication requests sent from the PingFederate SP server to the IdP, such as including the optional Extensions element in the authentication requests. You can use OGNL expressions to fulfill these use cases.
Enter an SSO service endpoint.
Enter the SSO service endpoint in the Endpoint URL
You can enter a relative path, starting with a forward slash, if you have provided a base URL on the General Info tab.
For SAML 1.x connections, this is the only configurable item on the SSO Service URL tab.
The remaining steps on the SSO Service URLs tab only apply to SAML 2.0 connections.
- Select a SAML binding from the list; for example, POST.
- Click Add.
- Optional: Repeat to add additional SSO service endpoints.
- Enter the SSO service endpoint in the Endpoint URL field.
Customize messages using OGNL expressions.
Expressions are not enabled by default. For more information about enabling and editing OGNL expressions, see Attribute mapping expressions. Additionally, message customization does not apply to SAML 1.x connection.
- Click Show Advanced Customizations.
- Select a message type from the list.
Enter an OGNL expression to fulfill your use case.
For more information about Message Type, available variables, and sample OGNL expressions, see Customizing assertions and authentication requests.
- Click Add.
- Optional: Repeat to add another message customization.