- In the PingFederate administrative console, go to Applications > Integration > SP Connections.
-
Click Create Connection.
- On the Connection Template tab, click Do not use a template for this connection. Click Next.
- On the Connection Type tab, select the Browser SSO Profiles check box.
- In the Protocol list, select SAML 2.0 and click Next.
- On the Connection Options tab, click Next.
-
On the Import Metadata tab, click
File and then choose the metadata file that you
downloaded previously. Click Next.
- On the Metadata Summary tab, review the EntityID field and click Next.
-
On the General Info tab, review the imported
Base URL field, then click
Next.
-
On the Browser SSO tab, click Configure
Browser SSO.
The tabs for the Browser SSO section display.
-
Configure the browser SSO:
-
On the SAML Profiles tab, select the
SP-Initiated SSO check box. Click
Next.
- On the Assertion Lifetime tab, accept the default values and click Next.
-
On the Assertion Creation tab, click
Configure Assertion Creation.
The tabs for the Assertion Creation section display.
-
On the SAML Profiles tab, select the
SP-Initiated SSO check box. Click
Next.
-
Configure the assertion creation:
- On the Identity Mapping tab, click Next.
- On the Attribute Contract tab, click Next.
-
On the Authentication Source Mapping tab, click
Map New Adapter Instance.
The tabs for the IdP Adapter Mapping section display.
-
Configure the IdP adapter mapping:
-
On the Adapter Instance tab, select the HTML
form adapter that you created. Click Next.
- On the Mapping Method tab, click Next.
-
On the Attribute Contract Fulfillment tab, in
the Source list select
Adapter and in the
Value list select
username. Click
Next.
- On the Issuance Criteria tab, click Next.
-
On the Summary tab, click
Done.
You return to the Assertion Creation section.
-
On the Adapter Instance tab, select the HTML
form adapter that you created. Click Next.
- On the Authentication Source Mapping tab, click Next.
-
On the Summary tab, click
Done.
You return to the Browser SSO section.
- On the Assertion Creation tab, click Next.
-
On the Protocol Settings tab, click Configure
Protocol Settings.
The tabs for the Protocol Settings section display.
-
Configure the protocol settings:
-
On the Assertion Consumer Service URL tab,
review the Endpoint URL value. Click
Next.
- On the Allowable SAML Bindings tab, ensure that POST and REDIRECT are the only values checked. Click Next.
- On the Signature Policy tab, click Next.
- On the Encryption Policy tab, click Next.
-
On the Summary tab, click
Done.
You return to the Browser SSO section.
-
On the Assertion Consumer Service URL tab,
review the Endpoint URL value. Click
Next.
- On the Protocol Settings tab, click Next.
-
On the Summary tab, click
Done.
You return to the SP Connection section.
- On the Browser SSO tab, click Next.
-
On the Credentials tab, click Configure
Credentials.
The tabs for the Credentials section display.
-
Configure the credentials:
-
On the Digital Signature Settings tab, select
the Signing Certificate that you chose in Exporting the signing certificate from PingFederate. Click
Next.
-
On the Summary tab, click
Done.
You return to the SP Connection section.
-
On the Digital Signature Settings tab, select
the Signing Certificate that you chose in Exporting the signing certificate from PingFederate. Click
Next.
- On the Credentials tab, click Next.
-
On the Activation & Summary tab, click
Save.