Page created: 24 Jul 2019 | Page updated: 8 Feb 2022 | 2 min read
Create an SP connection in PingFederate to communicate single sign-on (SSO) information to Amazon Web Services (AWS).
Note: You can follow these steps to create a new SP connection, or you can modify an existing connection.
- Download the latest SAML metadata file from Amazon. Save it as aws-saml-metadata.xml.
- In the PingFederate administrator console, configure an SP connection.
  - On the Identity Provider screen, in the SP Connections area, click Create new.
  - On the Connection Template screen, select Use a template for this connection.
  - In the Connection Template list, select Amazon Web Services Connector.
  - Click Choose File, select the aws-saml-metadata.xml that you downloaded, and then click Open. Click Next.
  - On the Connection Type screen, select Browser SSO Profiles and clear Outbound Provisioning. Click Next.
  - On the Connection Options screen, click Next.
  - On the General Info screen, the basic connection information is populated by the metadata XML file. Click Next.
- On the Browser SSO screen, configure browser SSO.
  For a complete guide, see Configure IdP Browser SSO in the PingFederate documentation.
  - On the Browser SSO > Assertion Creation > IdP Adapter Mapping > Attribute Contract Fulfillment screen, on the SAML_SUBJECT line, select a source.
  - On the https://aws.amazon.com/SAML/Attributes/Role line, select Text.
  - In the Value field, type the role ARN and provider ARN that you noted in Creating an identity provider in Amazon Web Services, and Creating a federation role in Amazon Web Services.
    Separate the ARNs with a comma, as follows:
      <role ARN>,<provider ARN>
  - On the https://aws.amazon.com/SAML/Attributes/RoleSessionName line, select a value to use as the user's display name in AWS.
- On the Credentials screen, configure the connection credentials.
  See Configuring credentials in the PingFederate documentation.
- On the Activation and Summary screen, above the Summary section, click the toggle button to enable the connection. Click Save.
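
One way to check the Role and RoleSessionName values before testing sign-on, as an added example that is not part of the Ping Identity or AWS documentation: it parses a SAML assertion captured from a test sign-on and validates the two attributes configured above. The ARNs and names in it are constructed placeholders, and the character rules in the patterns are assumptions taken from AWS's IAM naming and SAML attribute rules, not from this page.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ROLE = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
# Assumed patterns (AWS IAM naming rules); the page only gives the pair format.
ROLE_ARN = r"arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+"
PROVIDER_ARN = r"arn:aws[a-z-]*:iam::\d{12}:saml-provider/[\w.-]+"
SESSION_NAME = r"[\w+=,.@-]{2,64}"

def values(root, name):
    """Text of every AttributeValue under the Attribute with this Name."""
    return [v.text or "" for a in root.iter("{%s}Attribute" % SAML)
            if a.get("Name") == name
            for v in a.iter("{%s}AttributeValue" % SAML)]

def check_assertion(xml_text):
    """Return a list of problems with the two AWS attributes (empty = OK)."""
    root = ET.fromstring(xml_text)  # feed this only your own IdP's test output
    problems = []
    roles = values(root, ROLE)
    if not roles:
        problems.append("Role attribute missing")
    for value in roles:
        if re.search(r"\s", value):  # e.g. a space typed after the comma
            problems.append("whitespace in Role value")
        elif re.fullmatch(PROVIDER_ARN + "," + ROLE_ARN, value, re.ASCII):
            problems.append("ARNs swapped: expected <role ARN>,<provider ARN>")
        elif not re.fullmatch(ROLE_ARN + "," + PROVIDER_ARN, value, re.ASCII):
            problems.append("Role value is not <role ARN>,<provider ARN>")
    names = values(root, SESSION)
    if len(names) != 1 or not re.fullmatch(SESSION_NAME, names[0], re.ASCII):
        problems.append("RoleSessionName missing or not 2-64 allowed characters")
    return problems

def sample_assertion(role_value, session_name):
    """Constructed, unsigned assertion fragment for exercising the checks."""
    attr = ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
            '</saml:AttributeValue></saml:Attribute>')
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>' % SAML
            + attr % (ROLE, escape(role_value)) + attr % (SESSION, escape(session_name))
            + "</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    role = "arn:aws:iam::123456789012:role/ExampleRole"         # constructed
    idp = "arn:aws:iam::123456789012:saml-provider/ExampleIdP"  # constructed
    print(check_assertion(sample_assertion(role + "," + idp, "jdoe@example.com")))
    print(check_assertion(sample_assertion(role + ", " + idp, "j")))
```

An empty list means both attributes match the expected shape; it does not verify the assertion's signature or that the role trusts the provider.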