ADFS Integration with PingOne

Published: 10/01/2014
Register for PingOne and log in for the first time. Check your email to confirm the registered email address, then get started by clicking the “Finish your Setup” option to configure an Identity Bridge.

Choose an Identity Bridge from the list.  For ADFS, you will need to select “3rd-party SAML.”
 
Under the “CONFIGURE YOUR IDP CONNECTION” heading, choose the “Download PingOne Metadata” link to download the metadata for PingOne. This file is called “pingone-metadata-sp.xml” and will be imported into ADFS in a later step.
 
The next steps will configure the ADFS IDP side.  Launch the ADFS 2.0 console.
 
Under “Trust Relationships > Relying Party Trusts”, add a new Relying Party Trust. This will launch a wizard.
 
The first step is to import the PingOne metadata file downloaded above.
 
Give the connection a name (e.g. PingOne).
 
Choose the issuance authorization rules (e.g. permit all).
 
Click “Next” to view the summary and complete the wizard.
 
Leave the “Open the Edit Claim Rules…” option selected and finish the wizard.
 
This will launch the “Edit Claim Rules” configuration utility.
 
This example only gathers claims from Active Directory to present to PingOne.
 
Configure a basic claim set. The four attributes included are required by PingOne; however, the values may differ for your organization (e.g. you may use the email address instead of sAMAccountName as the Name ID).
 
After configuring the claims, go back to the ADFS 2.0 Relying Party Trusts window, right-click the PingOne connection and view its properties. Browse to the Encryption tab and “Remove” the encryption certificate.
 
That completes the ADFS configuration.  Next, go back into the PingOne console and complete the configuration of the Identity Bridge.
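The ADFS steps above can also be scripted. The following is an added example using the ADFS 2.0 PowerShell cmdlets, not code from the original article; it assumes the Microsoft.Adfs.PowerShell snap-in is available, that the PingOne metadata was saved to C:\temp\pingone-metadata-sp.xml, and that the trust is named “PingOne”. It uses the trust's EncryptClaims setting to achieve what the “Remove the encryption certificate” step does in the console.

```powershell
# Added example (not from the original article): scripts the ADFS-side steps.
# Assumed values: the metadata path and the trust name below.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$metadataFile = "C:\temp\pingone-metadata-sp.xml"   # assumed download location
$trustName    = "PingOne"

# Create the Relying Party Trust from the downloaded PingOne SP metadata.
Add-ADFSRelyingPartyTrust -Name $trustName -MetadataFile $metadataFile

# Issuance authorization rule equivalent to the "Permit all users" template.
$authRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Transform rule: send the four Active Directory attributes PingOne expects.
# sAMAccountName is used as the Name ID here; substitute the mail attribute
# if your organization uses email addresses as the Name ID.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "PingOne attributes from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = ";sAMAccountName,givenName,sn,memberOf;{0}", param = c.Value);
'@

# Apply the rules and stop ADFS from encrypting assertions for this trust,
# the scripted counterpart of removing the encryption certificate. The
# assertion's confidentiality then rests on the HTTPS connection to PingOne.
Set-ADFSRelyingPartyTrust -TargetName $trustName `
    -IssuanceAuthorizationRules $authRules `
    -IssuanceTransformRules $transformRules `
    -EncryptClaims $false

# Check what was actually stored before testing SSO from the Dock.
Get-ADFSRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, EncryptClaims, IssuanceTransformRules
```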
 
In the Identity Bridge configuration page in PingOne titled “Configure the Connection at PingOne”, upload the Federation Metadata from the ADFS server.
 
The Federation Metadata can be found at:
https://<ADFS server name>/FederationMetadata/2007-06/FederationMetadata.xml
 
If your ADFS server is accessible from the public Internet, choose the “Or use URL” link to have PingOne download the metadata from your ADFS server. Otherwise, download the XML file and upload it.
 
Once the metadata is imported, choose POST as the binding type and choose Save Configuration to commit the changes.
 
A message will be presented indicating that the SAML configuration was successful. Next, configure the PingOne Dock. Click the “Dock Configuration” tab at the top of the page, then check “Show advanced settings.”
 
Scroll down to the bottom of the PingOne Dock configuration page and configure the attribute mappings:
 
memberOf – http://schemas.xmlsoap.org/claims/Group
fname – http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
lname – http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
 
Click “Save changes” when complete.
 
That’s it! Access the PingOne Dock URL found on the main Dashboard page of the PingOne console to test SSO.