How to configure authentication request signing in PingOne

Published: 06/28/2016
When doing service provider initiated SSO, your identity provider or company policy may require signing of the SAML authentication request. To enable signing please follow the steps below:

- Log into the PingOne Admin portal
- Click "Set up" in the navigation toolbar.

User-added image

- Click the Pencil icon  User-added image

If PingOne is configured with PingFederate version "7.3 or Below":
- Click "Next"
- On the following screen, put a check in the box "SIGN AUTHNREQUEST FROM PINGONE"

User-added image
- Click "Next"
- Click "Next" on the remaining screens, then click "Save" to save your changes. 

If PingOne is configured with PingFederate version "8.0 or Above":
No changes in PingOne are applicable. If PingFederate is set to require "Require AuthN Requests To be Signed When Received via The Post or Redirect Bindings", PingOne will automatically sign the authentication request.

If PingOne is configured with 3rd Party SAML:
- When you click the pencil, you will be taken directly to the configuration screen where you can set AuthN signing. Put a check in the box "SIGN AUTHNREQUEST FROM PINGONE":

User-added image

- Click "Next"
- Select the radio button "Manually Enter Your IDP Connection Information".

User-added image

- No other changes are required, click "Save".

When the above changes are made, PingOne will sign authentication requests when service provider initiated SSO are performed. The verification certificate is inside the PingOne metadata file and should get loaded into the SAML product when the metadata is uploaded for configuration.

Setup , 3rd Party Identity Bridge , 
KB or other URL: