Choosing an SP connection type - PingFederate - 11.2


You can manually create service provider (SP) connections in PingFederate using browser single sign-on (SSO), WS-Trust security token service (STS), outbound provisioning, or any combination thereof.

If you are not using a connection template, which pre-configures browser-based SSO, indicate on the Connection Type tab whether the connection to this partner is for Browser SSO, WS-Trust STS, outbound provisioning, or any combination of them.

Tip:

You can add STS, OAuth, and outbound provisioning support to any existing SSO connection, or vice versa, at any time.

Note:

If your partner's deployment supports multiple protocols and you intend to communicate using more than one, you must set up a separate connection for each protocol. Each connection must use a unique (partner) connection ID.

  1. Go to Applications > Integration > SP Connections.
  2. Click Create Connection.
  3. Select Do not use a template for this connection.
  4. To configure a connection for secure browser-based SSO, select the Browser SSO Profiles check box.

    If you are not using a connection template, you must select the applicable protocol from the list when establishing a new connection.

    For a WS-Federation connection, select the desired token type: SAML 1.1, SAML 2.0, or JWT (JSON Web Token).

    Note:

    For information about creating a SAML application, see Configuring a SAML application in PingFederate.

    Tip:

    If you are creating a WS-Federation connection to Microsoft Windows Azure Pack, select JWT as the token type.

    Tip:

    PingFederate can encrypt the subject and attributes of SAML 2.0 assertions.

    For information about configuring encryption policies on a PingFederate identity provider (IdP), see Configuring XML encryption policy (SAML 2.0).

    For information about configuring encryption policies on a PingFederate SP, see Specifying XML encryption policy (for SAML 2.0).

  5. Optional: Choose one or both of the following depending on your configuration needs.

    | Connection Template   | Step                                                                           |
    |-----------------------|--------------------------------------------------------------------------------|
    | WS-Trust STS          | Select the WS-Trust STS check box.                                             |
    | Outbound Provisioning | Select Outbound Provisioning and then select the provisioning type from the list. |

  6. If your PingFederate license manages connections by groups, select a license group for this connection.

    This option is not shown for unrestricted or other types of licenses.

  7. To save your settings, click Next.