Configuring back-channel authentication (SAML) - PingFederate - 11.0

PingFederate Server

bundle
pingfederate-110
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.0
category
Product
pf-110
pingfederate
ContentType_ce

Depending on your browser single sign-on (SSO) use cases, the administrative console prompts you to configure authentication requirements for inbound messages, outbound messages, or both.

See the following table for more information about the back-channel configuration (SAML) authentication requirements.

Use case Back-channel authentication requirements Back-channel messages
A connection is configured with a SAML ACS endpoint that uses the artifact binding on Protocol Settings > Assertion Consumer Service URL. Inbound Artifact resolution requests
A connection is configured with a SAML 2.0 SLO endpoint that uses the artifact binding on Protocol Settings > SLO Service URLs. Inbound Artifact resolution requests

SOAP messages

A connection is configured with a SAML 2.0 SLO endpoint that uses the SOAP binding on Protocol Settings > SLO Service URLs. Outbound SOAP SLO messages
The SAML 2.0 Artifact binding is enabled on Protocol Settings > Allowable SAML Bindings. Outbound Outbound artifact resolution requests
The SOAP binding is enabled on Protocol Settings > Allowable SAML Bindings. Inbound Inbound SOAP messages
The SAML 2.0 Attribute Query profile is enabled on the Connection Options tab. Inbound Inbound Attribute Query requests
See subsequent topics for configuration steps.