Customizing assertions and authentication requests - PingFederate - 10.2

PingFederate Server

bundle
pingfederate-102
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.2
category
Product
pf-102
pingfederate
ContentType_ce

Customize applicable messages by enabling OGNL expression and going to the URL window to access the Show Advanced Customizations option.

Some browser single sign-on (SSO) use cases might require additional customizations in the assertions sent from the PingFederate identity provider (IdP) server to the service provider (SP), or in the authentication requests sent from the PingFederate SP server to the IdP. PingFederate can fulfill these use cases on a per-connection basis using OGNL expressions.

  1. Enable OGNL expression by editing the org.sourceid.common.ExpressionManager.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
  2. Select the applicable SP or IdP connection.
  3. On the Activation & Summary window, scroll to the Protocol Settings section, and click Assertion Consumer Service URL for an SP connection, or click SSO Service URLs for an IdP connection.
  4. Click Show Advanced Customizations to customize the applicable message.
    The available customizable Message Types vary depending on your federation role (IdP or SP) as well as the protocol of the connection (SAML 1.x, SAML 2.0, and WS-Federation). After you select a message type, you have access to its list of Available Variables. You can customize the assertions or the authentication requests as needed.