• All Files
Aruba Central Online Help

Configuring Service Provider Metadata in PingFederate IdP

This procedure describes the steps required for configuring service provider metadata in PingFederate.

This topic provides a basic set of guidelines required for service provider metadata on the PingFederate server. The images and attributes may change with PingFederate software updates.

Before you Begin

Go through the SAML SSO feature description to understand how SAMLSecurity Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. framework works in the context of Aruba Central.

Steps to Configure Service Provider Metadata in PingFederate

To configure service provider metadata in PingFederate, complete the following steps:

ClosedStep 1—Create an SP Connection Profile
  1. Log in to the PingFederate administration console.
  2. Click IdP Configuration > SP Connections > Create New. The SP Connections page opens.

  3. In the Connection Type tab, select Browser SSO Profiles.

  4. Click the General Info tab.
  5. Verify the Entity ID and select the logging mode.

  6. Click Next. Configure the Browser SSOSingle Sign-On. SSO is an access-control property that allows the users to log in once to access multiple related, but independent applications or systems to which they have privileges. The process authenticates the user across all allowed resources during their session, eliminating additional login prompts. Settings.
ClosedStep 2—Configure Browser SSO Settings
  1. On the SP Connections page in PingFederate administrative console, click Browser SSO.

  2. Click Configure Browser SSO.
  3. Select the following SAML profiles:
    • Select IDP-INITITATED SSO
    • Select SP-INITITATED SSO

  4. Click Next. The Assertion Lifetime tab opens.
  5. Click Next. The Assertion Creation page opens.
    1. Click Configure Assertion Creation. The Assertion Creation wizard opens.

    2. Click Next. The Attribute Contract page opens.
    3. Add the SAML attributes in the SAML assertion. The IdP will send these attributes in the SAML Assertion.

    4. Click Next. The Authentication Source Mapping tab opens.

    5. Click Map New Adapter Instance. The adapter configuration screen opens.

    6. Complete the following configuration steps:
    7. Click Mapping Method and select a mapping option.

    8. Click Attribute Sources and User Lookup
    9. To add a data source, click Add Attribute Store and add the data store ID as shown in the following figure:

    10. Click Save.
  6. On the SP Connections > Browser SSO Settings page, click Protocol Settings to configure the Browser SSO Protocol Settings, SSO service URLsUniform Resource Locator. URL is a global address used for locating web resources on the Internet., and SAML bindings.

  7. Click Configure Protocol Settings and complete the following steps:
    1. Verify the Assertion Consumer Service URL. The endpoint URLs for Redirect and Post bindings are both automatically populated from the metadata. If not, enter the URL manually. The URL will be the same for both bindings.

  1. Click Next. The Allowable SAML Bindings tab opens.
  2. Select Post and Redirect.

  3. Click Next. The Encryption Policy Settings tab opens.
  4. Select None.

  5. Click Next. Review the protocol setting.
  6. Click Done.
ClosedStep 3—Configure Credentials
  1. On the SP Connections page in the PingFederate administrative console, click Credentials
  2. Click Configure Credentials.
  3. Click Digital Signature Settings.
  4. Select the certificate to use for digital signature in SAML messages.

ClosedStep 4—Review Configuration

To review the configuration, click the Activation & Summary tab.

ClosedStep 5—SAML Authorization Profile in Aruba Central

For information on how to configure a SAML authorization profile, see Configuring SAML Authorization Profiles in Aruba Central.