Prepare to provide the following:

  • Entity ID, used to uniquely identify the application and obtained from the service provider ACS URL, the application's URL to which SAML assertions from the identity provider will be sent after user authentication occurs
  • ACS URL, the application's URL to which SAML assertions from the identity provider will be sent after user authentication occurs
  • SP certificates, if the template you select is based on a PingFederate connection that requires a certificate
  • An assertion encryption certificate, which is required if encryption is enabled for the connection
  1. To promote the application to an environment, click the expandable icon associated with the application, select the Promote tab, and click Promote.
  2. From the Available Environments list, select the environment to which you want to promote the application.
    Note:

    If you have the Application Owner role, you cannot promote applications to protected environments, which have shield icons associated with them.

  3. In the Entity ID and ACS URL fields, enter the appropriate information.

    If you provided a metadata file when you added your application to PingCentral, the Promote to Environment window is prepopulated with the information from the other SAML application. You can modify this information, as necessary.

  4. Upload certificates, if required.

    Certificates are required for PingFederate SP connections when:

    • Either of the single logout (SLO) options, IdP-Initiated-SLO or SP-Initiated-SLO, are selected as the SAML profile.
    • Digital signatures are required, and the Signature Policy is set to Require authn requests to be signed when received via the POST or redirect bindings option.
    • Inbound backchannel authentication is configured. For more information, see the following topics in the PingFederate Server Guide:
  5. If encryption is enabled for the connection, click in the Assertion Encryption Certificate field. Select an assertion encryption certificate used for a previous promotion from the list or provide a new one.
    Note:

    Only whole encryption is currently supported, so if a connection has attributes specified for encryption, the promotion will fail.

  6. Verify that the information displayed in the Promote to Environment window is correct and click Promote.
    PingCentral promotes your application to the designated environment in PingFederate. You will see the new promotion in the History section of the page. If the signature verification certificate used during promotion is available in the PingFederate environment, that certificate is used. If not, a new certificate is created.
  7. Configure the SSO connection.
    1. Enter the application Entity ID.
    2. To specify the SSO endpoint URL, click View Connection Details to access the Promotion Details window, which displays the SSO endpoint URL.
    3. To add certificates, if applicable, in the Promotion Details window, click Identity Provider to download the certificate that the identity provider is using to sign the SAML assertion, and the assertion encryption certificate associated with the connection.
      This example shows the Promotion Details page, which contains information regarding the promotion, such as the ACS URL, SSO endpoint URL, and certificates associated with the connection.