Configuring authentication request signing in PingOne for Enterprise
For service provider (SP)-initiated single sign-on (SSO), your identity provider (IdP) or company policy might require signing the SAML authentication request.
Before you begin
- Ensure that you have internet access.
- If you do not already have a PingOne for Enterprise account, create an account.
Steps
- Sign in to the PingOne for Enterprise admin portal.
- Click Setup.
- Click the Pencil icon.
- Select PingFederate. Click Next.
- If PingFederate is already installed:
  - Click Yes, then click Next.
  - Copy the provided activation key into PingFederate Bridge when prompted.
- If PingFederate is not installed:
  - Click No, then click Next.
  - Click the appropriate server platform.
  - Download and install PingFederate Bridge, then click Next.
  - Copy the provided activation key into PingFederate Bridge when prompted.
  If PingOne for Enterprise is configured with PingFederate version 8.0 or later, no changes in PingOne for Enterprise are necessary.
  If PingFederate is set to Require AuthN Requests To be Signed When Received via The Post or Redirect Bindings, PingOne for Enterprise automatically signs the authentication request.
- If PingOne for Enterprise is configured with custom SAML:
  - Select the Sign AuthnRequest From PingOne check box. Click Next.
  - Click Manually Enter Your IDP Connection Information. Click Save.
Result
PingOne for Enterprise will sign authentication requests during the SP-initiated SSO process. The verification certificate is inside the PingOne for Enterprise metadata file, and gets loaded into the SAML product when the metadata is uploaded for configuration.