PingFederate SSO Configuration
- Go to Applications >> SP connections >> Create Connection
- Choose Do not use a template for this connection
- Check Browser SSO Profiles (SAML 2.0)
- In Import Metadata, choose None and click Next
- In the General Info section, enter the following information:
- In Browser SSO, click on Configure Browser SSO
- Check both IDP-initiated SSO and SP-initiated SSO
- In the Assertion Lifetime section, change the assertion lifetime if needed (optional), and click Next.
- In Assertion Creation, click on Configure Assertion Creation
- In the Identity Mapping section, select Standard and click Next
- In the Attribute Contract subsection, select a format for the SAML_SUBJECT with the value urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and click Next
- In the Authentication Source Mapping section, click Map New Adapter Instance.
- Go to Manage Adapter Instances >> Create New Instance
- Choose an instance name and ID (no spaces, and it must be unique). Select HTML Form IdP Adapter as the Type
- In IdP Adapter, go to Add a new row to Credential Validator
  - Select your Password Credential Validator and click Update, then scroll to the bottom of the page and click Next
- Review the Extended Contract tab and click Next
- In Adapter Attributes, check username as the pseudonym and click Next
- In Adapter Contract Mapping, go to Configure Adapter Contract
  - Click Add Attribute Source.
  - Choose a source ID and description. Then select your active data store and click Next
  - In LDAP Directory Search, fill out Base DN (for example, CN=Users,DC=amazonaws,DC=com). In Attributes to return from search, select Show All attributes and userPrincipalName. Then click on Add Attribute.
  - In LDAP Filter, fill out the Filter box with userPrincipalName=${username} and click Next
  - Review the Summary for your Attribute Sources and User Lookup and click Save
  - Click Add Attribute Source.
- Once you have created the attribute source, click Next.
- In Attribute Contract Fulfillment, select Adapter for source and username for value (do this for all the attributes)
- Review the Summary for your new IdP Adapter Instance and click Done
- In the Protocol Settings tab, click Configure Protocol Settings
  - In Assertion Consumer Service URL, select Post for Binding and add Uber’s ACS URL. Click Add
  - Go to Allowable SAML Bindings, keep only POST and REDIRECT checked
  - Review the rest of the tabs, go to Summary and click Save after verifying the configuration
- In Credentials, click on Configure Credentials
  - Go to Manage Certificates, then Create New
  - Fill out the required fields, then click on Next and save it.
- Keep clicking Next and Done until the SP connection is created