Configuring PingFederate as a federation hub accomplishes two primary functions.
Configure PingFederate as a federation hub to:
- Bridge partners using different federation protocols to circumvent partner or application limitations.
- Multiplex a connection for multiple partners to reduce costs and expand use cases.
As a federation hub, PingFederate bridges browser-based single sign-on (SSO) between identity providers and service providers. It stands in the middle of the SSO and single log-out (SLO) flow, acting as the service provider (SP) for the identity providers and as the identity provider (IdP) for the service providers. The four use cases are:
- Bridging an IdP to an SP
- Bridging an IdP to multiple SPs
- Bridging multiple IdPs to an SP
- Bridging multiple IdPs to multiple SPs
PingFederate also supports protocol translation among SAML 1.0, 1.1, 2.0, OpenID Connect, and WS-Federation. For SAML-based connections, this also means it is possible to bridge between various bindings between identity providers and service providers.
The federation hub capability deploys alongside with other OAuth use cases, IdP connections, SP connections, or any combination of them, to your partners. This flexibility helps in streamlining your federation infrastructure and reducing operating costs.