Page created: 24 Jul 2019 | Page updated: 8 Feb 2022
Tip: This procedure provides instructions for configuring minimum required connection settings.
The instructions skip set-up screens in which all necessary information is automatically
configured (or in which standard defaults are used). The administrative console guides
you to required configuration steps automatically by displaying prompts at entry points
for the task flows. In general, you may add or change settings on all screens to suit
your special requirements.
- If you have not already done so, use PingFederate to configure the IdP adapter you want to use.
For information and instructions, see Managing IdP adapters in the PingFederate documentation.
- On the Main Menu, select Create New under SP Connections in the IdP Configuration section.
- On the Connection Template page, select Do not use a template for this connection and click Next.
- On the Connection Type screen, ensure that the Browser SSO profile is selected and click Next.
- On the Connection Options screen, ensure Browser SSO is selected and click Next.
- On the Import Metadata screen, click Choose file to locate and upload the Heroku saml-metadata.xml file you created in Obtain the Heroku SAML 2.0 Metadata XML.
- On the Metadata Summary screen, click Next.
- On the General Info screen, ensure that the Partner’s Entity ID (Connection ID), Connection Name, and Base URL are accurate. Change details if required and click Next.
- On the Browser SSO screen, click Configure Browser SSO.
- On the SAML Profiles screen, ensure that the IdP-Initiated SSO and SP-Initiated SSO profiles are selected and click Next.
- On the Assertion Creation screen, click Configure Assertion Creation.
- On the Attribute Contract screen, ensure that the SAML_SUBJECT name format is set to the following: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- On the Authentication Source Mapping screen, click Map New Adapter Instance and map the IdP Adapter Instance you defined earlier in this procedure. When you return to the Authentication Source Mapping screen, click Done.
Note: This configuration is site-dependent and cannot be pre-configured. For detailed information and instructions, see Managing authentication source mappings in the PingFederate documentation.
- When you return to the Assertion Creation screen, click Next.
- On the Protocol Settings screen, click Configure Protocol Settings.
- On the Allowable SAML Bindings screen, ensure that the POST and Redirect profiles are selected (de-select Artifact and SOAP) and click Next.
- On the screen, ensure that Always sign the SAML Assertion is selected and click Next.
- On the Browser SSO screen, click Next and on the Credentials screen, click Configure Credentials.
- For more information, see Configuring digital signature settings in the PingFederate documentation. If you have not yet created or imported a signing certificate, click Manage Certificates and do so now. See Managing digital signing certificates and decryption keys in the PingFederate documentation.
- Click Next.
- On the Summary screen, click Done.
- On the Credentials screen, click Next.
- On the Activation & Summary screen, Activate the SP Connection.
- On the Activation & Summary screen, click Save.
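
To confirm that the settings chosen in this procedure took effect, the following Python check inspects a base64-decoded SAML Response from a test login and an IdP metadata export. It is an added example, not Ping Identity or Heroku code; the function names and the sample XML are constructed for illustration, and it assumes you can obtain both documents from your own environment.

```python
import xml.etree.ElementTree as ET  # use only on captures from your own test login

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ALLOWED_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}

def check_response(xml_text):
    """Findings for a base64-decoded SAML Response; empty list means it matches."""
    findings = []
    assertions = list(ET.fromstring(xml_text).iter(f"{{{SAML}}}Assertion"))
    if not assertions:
        findings.append("no Assertion element")
    for a in assertions:
        # Structural check only: an enveloped signature is a direct child of
        # the Assertion. This does not validate the signature itself.
        if a.find(f"{{{DSIG}}}Signature") is None:
            findings.append("Assertion is not signed")
        name_id = a.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
        if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
            findings.append("SAML_SUBJECT NameID format is not emailAddress")
    return findings

def extra_bindings(metadata_xml):
    """SSO bindings advertised in IdP metadata other than POST and Redirect."""
    root = ET.fromstring(metadata_xml)
    bindings = {e.get("Binding") for e in root.iter(f"{{{MD}}}SingleSignOnService")}
    return sorted(b for b in bindings - ALLOWED_BINDINGS if b)

# Constructed samples (not real captures): a conforming and a non-conforming response.
GOOD = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="{SAML}" xmlns:ds="{DSIG}"><saml:Assertion><ds:Signature/>
 <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID>
 </saml:Subject></saml:Assertion></samlp:Response>"""
BAD = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="{SAML}"><saml:Assertion><saml:Subject>
 <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">u1
 </saml:NameID></saml:Subject></saml:Assertion></samlp:Response>"""
META = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="idp.example.com"><md:IDPSSODescriptor>
 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_response(GOOD), check_response(BAD), extra_bindings(META))
```

An empty result from both functions means the response and metadata match the NameID format, signing and binding choices above; it does not replace signature validation by the service provider.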