Selecting SAML profiles - PingFederate - 11.2

PingFederate Server


A SAML profile is the message-interchange scenario that you and your federation partner agree to use. It defines the settings that support SAML usage for applications.

For SAML 2.0, PingFederate supports all identity provider (IdP) and service provider (SP)-initiated single sign-on (SSO) and single logout (SLO) profiles. For SAML 1.x, PingFederate supports both the standard IdP-initiated SSO profile and a proprietary "destination-first" SP-initiated SSO profile.

Note:

When configuring a local loopback connection, in which one PingFederate instance is both the identity provider and the service provider, disable the IdP-Initiated SLO and SP-Initiated SLO options on the Browser SSO window's SAML Profiles tab. These options determine whether SAML logout requests should be sent to the partner during the SLO flow. Those requests aren't necessary and can cause unexpected behavior when the partner connection exists locally. All local sessions for loopback connections are terminated during the SLO flow without the need to send SAML requests.

For information on typical SAML SSO and SAML 2.0 SLO profile configurations, including illustrations, see SAML 1.x profiles and SAML 2.0 profiles.

Note:

The SAML Profiles tab does not apply to OpenID Connect and WS-Federation IdP connections.

Select the applicable profiles based on your partner agreement.
For SAML 2.0, you must select at least one SSO profile.

For SAML 1.x, IdP-initiated SSO is assumed and the specifications do not support SLO; the only choice on this tab is SP-initiated SSO.