Note |
---|
This guide is for an older version of Kantega SSO Enterprise and is no longer maintained. |
In Kantega Single Sign-on, add a new identity provider and select "Ping Federate" from the dropdown:
...
In the Prepare step, copy the Metadata URL if your Atlassian server is available to Ping Federate, or download the file if it's not.
...
Open the Ping Federate admin console in a separate browser tab. Press Create New in IdpConfiguration
...
Select Configure Browser SSO. Press Next.
...
Select whether you want IDP-initiated SSO, SP-Initiated SSO, or both. Press Next.
...
Accept the default assertion lifetime. Press Next.
...
Select "Configure Assertion Creation"
...
Select Standard Identity Mapping. Press Next.
...
Configure Attribute Contract. This step may be skipped if you don't intend to use Just-in-time provisioning to create user accounts when users log into the Atlassian application.
"Extend the contract" with the additional fields from the table below.
Extend the contract | Attribute Name Format |
---|---|
urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified | |
givenName | urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified |
surname | urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified |
Press Next.
...
Authentication Source Mapping. Select Map New Adapter Instance.
...
Choose your preferred Adapter Instance
In this example, we create: PingOne HTML Form Adapter
...
Select the values for SAML_SUBJECT, email, givenName, and surname
Press Next.
...
Issuance Criteria:
...
Choose an already existing Authentication Policy Contract or press Manage Authentication Policy Contracts.
In this example, we create a new policy contract
...
Select the desired Authentication Policy Contract
Press Next
...
Mapping Method
Select Use Only The Authentication Policy Contract Values In The SAML Assertion
Press Next
...
Attribute Contract Fulfillment
Map the Attribute Contract Attribute to the corresponding Value
Press Next
...
You have now completed the Assertion Creation
Press Next
...
Protocol Settings
Press Configure Protocol Settings
...
Assertion Consumer Service URL
The Endpoint URL should be automatically filled from the metadata
When not using metadata, add the ACS URL from the Prepare step in Kantega Single Sign-on
Note that in this example, we use the relative URL to the Base URL configured in General Info
Press Next
...
Allowable SAML Bindings
...
You can choose to have the assertion signed or not
Press Next
...
Encryption Policy
Select whether you want the assertion encrypted as well
This guide does not cover encrypted assertions
Press Next
...
Protocol Settings Summary
...
You have now completed the Protocol Settings
Press Next, then Done
...
Browser SSO
You have now completed the Browser Configuration
Press Next
...
Credentials
Select Configure Credentials
...
Select an already existing certificate or create a new one
If you are creating a new certificate, press Manage Certificates
...
Select Include The Certificate In The Signature <Keyinfo> Element
Press Done
...
Credentials
You have now completed Credentials
Press Next
...
Activation and Summary
Select Connection Status: Active
Press Save
...
Metadata Export
Navigate to Server Configuration
Metadata Export
...
Select the signing certificate
Check Include This Certificate's Public Key In The Certificate <Keyinfo> Element.
Press Next
...
Export & Summary
Export the metadata (Press Export)
Press Done
...
Configuring Kantega Single Sign-on
Finally, go back to the Kantega SSO tab. Still on the Prepare step, press Next.
...
Metadata import
Select the exported metadata from Ping Federate
Press Next
...
Location
Give the IDP a proper name
The SSO redirect URL is imported from the metadata
...
Signature
Review the imported signing certificate (This step is purely informational)
Press Next
...
Users
Select whether users already exist or if you wish to have users automatically created upon login
Optionally assign a default group for new users.
...
You should now be able to test SAML login through Ping Federate.
...