NOTE: The steps provided for how to configure Ping Federate have not been updated recently, and some information and screenshots may be out of date.
Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This can be changed later.
Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.
In the prepare step, copy the Reply URL. You will need this when setting up Ping Federate.
If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. You may need to configure it first, or at the same time as setting up SAML.
Open the Ping Federate admin console in a separate browser tab. Press Create New in IdpConfiguration.
Select Connection Template: Browser SSO Profiles PROTOCOL SAML 2.0. Press Next.
Select Browser SSO. Press Next.
Fill in the fields:
Entity ID (copy from KSSO prepare step)
Connection Name
Base URL
Press Next
Click the button Configure Browser SSO to create or revise Browser SSO configuration
Select whether you want IdP-initiated SSO, SP-initiated SSO or both. Press Next.
Accept the default assertion lifetime. Press Next.
Click the button Configure Assertion Creation.
Select standard Identity Mapping. Press Next.
This step may be skipped if you don’t intend to use Just-in-time provisioning to create user accounts when users log into the Atlassian application.
“Extend the contract” with the additional fields from the table below. Press Next.
| Extend the contract | Attribute Name Format |
|---|---|
| | urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified |
| givenName | urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified |
| surname | urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified |
Select Map New Authentication Policy to create a new contract or revise existing configuration.
Click the button Manage Policy Contracts to revise an already existing Authentication Policy Contract or to create a new Authentication Policy Contract.
In this example we have configured a contract (adfs-contract) with the following contract attributes:
group
subject
uid
Press Next (or click a heading to edit a configuration setting).
Select Use Only The Authentication Policy Contract Values In The SAML Assertion. Press Next.
Map the Attribute Contract Attribute to the corresponding Value. Press Next.
Optionally add Issuance Criteria. Press Next.
Review the Summary. Press Done.
You have now completed Assertion Creation, Authentication Source Mapping. Press Next.
Review the Summary. Press Done.
You have now completed Browser SSO, Assertion Creation. Press Next.
Click the button Configure Protocol Settings.
Add the ACS URL from the Prepare IDP step in Kantega Single Sign-on.
Note that in this example we use a URL relative to the Base URL configured in the General Info section.
Press Next.
Set Post and Redirect as the Allowable SAML Binding. Press Next.
You can choose to have the assertion signed or not. Press Next.
Select whether you want the assertion encrypted as well.
Encrypted assertions are not covered by this guide.
Press Next.
Review the Summary. Press Done.
You have now completed Browser SSO, Protocol Settings. Press Next, then Done.
Review Browser SSO, Summary. Press Done, then Next.
Summary information for your SP Connection. Press Save.
Go back to the Kantega SSO wizard.
Upload the metadata.xml-file you exported from Ping Federate.
You do not need to do anything. The Redirect URL is automatically fetched from the metadata you imported in the previous step.
Check that everything looks good and submit your setup.
Test that the log-in with Ping Federate works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.
To allow PingFederate to get automatic updates of the metadata (for example, when the SAML Request Signing Key changes), you may copy the Metadata XML URL from the page below in Kantega SSO and insert it into the Metadata URL page in PingFederate.