Use Cases

Configuring SSO

About this task

Start by creating an SP connection in PingFederate.

Steps

  1. Go to Applications → SP Connections and click Create Connection.

  2. Ensure that Do not use a template for this connection is selected. Click Next.

  3. On the Connection Template tab, select Browser SSO Profiles and the SAML 2.0 protocol. Click Next.

  4. On the Connection Options tab, ensure that Browser SSO is selected. Click Next.

  5. On the Import Metadata tab, ensure that None is selected. Click Next.

  6. On the General Info tab, in the Partner’s Entity ID and Connection Name fields, enter uber.com. Click Next.

  7. On the Browser SSO tab, click Configure Browser SSO.

    1. On the SAML Profiles tab, select both IdP-Initiated SSO and SP-Initiated SSO. Click Next.

    2. On the Assertion Lifetime tab, specify the number of minutes for which the assertion will be valid before and after it’s issued. Click Next.

    3. On the Assertion Creation tab, click Configure Assertion Creation.

      1. On the Identity Mapping tab, ensure that Standard is selected. Click Next.

      2. On the Attribute Contract tab, set SAML_SUBJECT to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. Click Next.

    4. On the Authentication Source Mapping tab, select Map New Adapter Instance.

      1. On the Adapter Instance tab, click Manage Adapter Instances and then click Create New Instance.

      2. On the Type tab, enter a unique name and ID (with no spaces) for the adapter, select HTML Form IdP Adapter from the Type field. Click Next.

      3. On the IdP Adapter tab, click Add a new row to Credential Validator, select the type of validator that you use for your datastore from the list, and click Update. Click Next at the bottom of the page.

      4. Click Next on the Extended Contract tab.

      5. On the Adapter Attributes tab, in the Pseudonym column, select username. Click Next.

      6. On the Adapter Contract Mapping tab. Click Next and then click Save at the bottom of the page.

      The identity provider (IdP) adapter that you just created displays in the list of available adapters.

      1. Click Done.

    5. On the Adapter Instance tab, select the instance that you just created. Click Next.

      1. Ensure that the Use Only the Adapter Contract Values in the SAML Assertion option is selected. Click Next.

      2. On the Attribute Contract Fulfillment tab, in the Sourcelist, select Adapter, and in the Value list, select username. Click Next.

      3. On theIssuance Criteria tab, clickNext.

      4. On the Summary tab, click Done.

    6. On the Authentication Source Mapping tab, click Next.

    7. On the Summary tab, click Done.

    8. On the Assertion Creation tab, click Next.

    9. On the Protocol Settings tab, click Configure Protocol Settings.

      1. In the Binding list, select Post.

      2. In the Endpoint URL field, enter https://auth.uber.com/v2/saml/acs/.

      3. Click Add. Click Next.

      4. On the Allowable SAML Bindings tab, deselect Artifact and SOAP. Click Next.

      5. On the Signature Policy tab and the Encryption Policy tab, click Next.

      6. On the Summary tab, click Done.

    You return to the Browser SSO tab.

  8. Click Next.

  9. On the Credentials tab, click Configure Credentials and select your signing certificate in the Signing Certificate list. Click Next and then click Done.

  10. On the Credentials tab, click Next.

  11. On the Activation and Summary tab, click Save.

    Result:

    The SP connection you just created displays in the list of available SP connections.