Three lines



PingFederate SSO Configuration

  1. Go to Applications >> SP connections >> Create Connection 1

  2. Choose Do not use a template for this connection 2

  3. Check Browser SSO Profiles (SAML 2.0) 3

  4. In Import Metadata, choose None and click Next 4

  5. In the General Info section, enter following information:

  6. In Browser SSO, click on Configure Browser SSO 6

    • Check both IDP-initiated SSO and SP-initiated SSO 6.1

    • In the Assertion Lifetime section, change the assertion lifetime if needed (optional), and click Next. 6.2

    • In Assertion Creation, click on Configure Assertion Creation 6.3

    • In the Identity Mapping section, select Standard and click Next 6.3.1

    • In the Attribute Contact subsection, select a format for the SAML_SUBJECT with the value urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and click Next 6.3.2

    • In the Authentication Source Mapping section, click Map New Adapter Instance. 6.3.3

      • Go to Manage Adapter Instances >> Create New Instance

      • Choose an instance name and id (no spaces, and it must be unique). Select HTML Form IdP Adapter as the Type

      • In IdP Adapter, go to Add a new row to Credential Validator

        • Select your Password Credential Validator, and click on update, scroll to the bottom of page and click Next
      • Review Extended Contract tab and click Next

      • In Adapter Attributes, check username as the pseudonym and click Next

      • In Adapter Contract Mapping, go to Configure Adapter Contract

        • Click Add Attribute Source.

        • Choose a source id and description. Then select your active data store and click Next
        • In LDAP Directory Search, fill out Base DN (example CN=Users,DC=amazonaws,DC=com). In Attributes to return from search, select Show All attributes and userPrincipalName. Then click on Add Attribute.
        • In LDAP Filter, fill out the Filter box with userPrincipalName=${username} and click Next
        • Review Summary for your Attribute Sources and User Lookup and click Save
      • Once you have created the attribute source, click Next.

      • In Attribute Contract Fulfillment, select Adapter for source and username for value (do it for all the attributes)

      • Review the Summary for your new IdP Adapter Instance and click Done

    • In Protocol Settings tab, click Configure Protocol Settings 6.3.4

      • In Assertion Consumer Service URL, select Post for Binding and add Uber’s ACS URL. Click Add
      • Go to Allowable SAML Bindings, keep only POST and REDIRECT checked
      • Review the rest of the tabs, go to Summary and click Save after verifying configuration *** Do we want to recommend the rest of the settings?
  7. In Credentials, click on Configure Credentials

    • Go to Manage Certificates, then Create New
    • Fill out the required fields, then click on Next and save it.
  8. Keep click on Next and Done until the SP connection is created


© 2023 Uber Technologies Inc.