Configuring the IdP adapter

Use Cases

bundle
solution-guides
ft:publication_title
Use Cases
Product_Version_ce
category
ContentType
howtodoc
ContentType_ce
How-to

Configure an identity provider (IdP) in PingFederate.

The following steps are the minimum to set up an HTML adapter to validate against AD.

  1. In the PingFederate administrative console, go to Authentication > Integration > IdP Adapters.
  2. Click Create New Instance.
  3. On the Type tab, in the Instance Name and Instance ID fields, enter a name and ID.
  4. From the Type list, select HTML Form IdP Adapter.
    Screen capture of the Type tab showing the completed Instance Name and Instance ID fields and HTML Form IdP Adapter selected from the Type list.
  5. Click Next.
  6. On the Idp Adapter tab, in the Password Credential Validator Instance section, click Add a new row to 'Credential Validators'.
  7. From the Password Credential Validator Instance list, select the appropriate PCV, and then click Update.
    Screen capture of the IdP Adapter tab showing the corresponding fields.
  8. Review and modify any other fields as needed, and then click Next.

    Many fields have default values. Make adjustments as needed.

  9. On the Extended Contract tab, confirm the default values and add additional attributes as needed.
  10. Click Next.
  11. On the Adapter Attributes tab, select the attributes to receive a pseudonym to uniquely identify a user and any attributes that must be masked in the log files.
    Screen capture of the Adapter Attributes tab showing the check boxes to select to give attributes pseudonyms or mask log values.
  12. Click Next.
  13. On the Adapter Contract Mapping tab, click Configure Adapter Contract.
  14. On the Attribute Sources & User Lookup tab, fulfill the adapter contract with the adapter’s default values, or use these values plus additional attributes retrieved from local data stores.
  15. Click Next.
  16. On the Adapter Contract Fulfillment tab, fulfill your adapter contract with values from the authentication adapter or with dynamic text values.

    By default, Adapter is selected from the Source lists.

  17. Click Next.
  18. On the Issuance Criteria tab, optionally create criteria for PingFederate to evaluate to determine whether users are authorized to access SP resources. Click Next.
  19. On the Summary tab, confirm your entries, and then click Done.
    Screen capture of the Summary tab showing the selected entries.
  20. On the Adapter Contract Mapping tab, click Next.
  21. On the Summary tab, review the IdP adapter instance settings, and then click Save.

After completing these steps, the HTML form adapter is ready to use in either an Authentication Policy or an SP connection.

Enter AD credentials (username and password) to test the configured adapter.