The IdP sample application simulates the IdP-initiated SSO/SLO scenario in which users authenticate to an IdP locally in order to access a remote SP application. In this scenario, users may be accessing a company portal that provides links to partner applications such as local news and weather, stock market information, and HR and 401(k) benefits.

When you authenticate locally to the IdP sample application, no communication occurs between that application and PingFederate. The user authenticates using the local user store; no SAML use cases are invoked. However, when you click a link to a third-party application, such as your company's 401(k) provider, the IdP initiates an SSO transaction.

  1. Start the PingFederate and Apache HTTP servers or the PHP built-in web server.
  2. In a browser, open the sample application:


  3. On the main page, click Login Locally.
  4. On the Identity Provider Login page, sign on as any of the listed users with a password of test.
  5. Click Login.
  6. On the Identity Provider screen, try the following:
    1. Optional: To begin an IdP-iniated SSS to the SP sample application, click the Single Sign-On. This starts a user session on the SP and redirects you to the SP sample application. For more information, see Using the SP Sample Application.
    2. Optional: After signing on to the SP sample application and returning to the Identity Provider main page, click Single Sign-Out to initiate a SLO request to the SP. This ends your user session on the SP as well as your local user session.