Page created: 28 Jun 2022
|
Page updated: 28 Jun 2022
The following figure shows a basic SSO scenario in which a PingFederate server authenticates users to an SP application using the MobileIron Adapter.
Processing Steps
- A user with an MobileIron enrolled device requests access to an SP resource. The request is redirected to PingFederate to perform X.509 Authentication.
- The browser requests the user’s X.509 certificate. The PingFederate X.509 Certificate Adapter validates the certificate against a list of issuers. If no issuers are specified in the Adapter setup, it uses the server’s list of trusted CAs instead.
- The certificate is validated and the Device Identifier is parsed from the certificate. The Device Identifier is then passed to the MobileIron Adapter.
- The Device Identifier is used to contact the MobileIron Device API to retrieve the device’s posture.
- The result of the authentication is returned, and if successful, the user is redirected to the requested resource.