Step 2: Integrate PingFederate

This article describes how to integrate the PingFederate Identity Provider (IdP) with Axis Security using SAML.

Step 1: Create a SAML App in PingFederate

  1. Go to Applications -> SP Connections.
  2. Click Create Connection.
  3. Select Do not use a template.
  4. Click Next.
  5. Click Browser SSO Files, and make sure the protocol is set to SAML 2.0.
  6. Click Next.
  7. Make sure the Browser SSO is checked.
  8. Click Next.
  9. Leave Metadata URL set to None.

Step 2: Add PingFederate as an Identity Provider in Axis Security

To add PingFederate as an Identity Provider in Axis Security:

  1. Go to Settings -> Identity Providers -> New Identity Provider. The Identity Providers screen is displayed.
  2. Select SAML.
  3. In the Identity Provider Name field, enter a name for your identity provider.

Service Provider Metadata

  1. Download the SP metadata file and the SP certificate file.

  2. Copy the SP URL (ACS) and paste it into a text editor. 

  3. Copy the SP entity ID and paste it into a text editor.

SAML Integration

Select whether to set this IdP using a single sign-on URL and a certificate, or set this IdP using an ADFS metadata URL.

To set this IdP using a single sign-on URL and a certificate:

  1. In the Single Sign On URL field, paste the SSO URL that you obtained when you integrated SAML with PingFederate in Step 1.
  2. Click Upload certificate and upload the certificate you obtained from PingFederate.

To set this IdP using an ADFS metadata URL: 

  1. Paste an ADFS metadata URL. 

Step 3: Finish Configuration in PingFederate

General Info

  1. Enter the Entity ID obtained from Axis.
  2. Add a name and other optional information.
  3. Click Next.

Browser SSO

  1. Under Single Sign-on (SSO) profiles, click Configure Browser SSO.
  2. Check the boxes for both IdP-initiated SSO and SP-initiated SSO.
  3. Click Next.

Assertion Lifetime

Assertion lifetime is configurable and up to the admin.

Assertion Creation

  1. Click Configure Assertion Creation.
  2. Select Standard.
  3. Click Next.
  4. Select a format for the SAML_SUBJECT and extend the contract with the following fields:
  • Basic: http://schemas.xmlsoap.org/claims/Group
  • Basic: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Map New Adapter Instance

  1. Select Map New Adapter Instance.
  2. The attributes are configurable by the admin.
  3. Note: this is where we map what values are sent to Axis from PingFederate. They are all sourced from the Adapter but are configurable by the admin.
  • SAML_SUBJECT can be a username, email, etc.
  • The group can be any group membership.
  • The name can be a givenName, fullName, etc.
  4. Skip issuance criteria.
  5. You can skip the Map New Authentication Policy by clicking Next.

Configure Protocol Settings

  1. Click Configure Protocol Settings.
  2. Select POST binding and paste the Axis SSO URL obtained from Axis into the Endpoint URL field.
  3. Click Add.
  4. Check the Post and Redirect options.
  5. Check the Always Sign Assertion option.
  6. For encryption policy, select None.
  7. Go to Credentials and click Configure Credentials.
  8. Select signing certificate and check the box to include the certificate in the signature element.
  9. Click to see the Activation & Summary page.
  10. Copy the SSO Application Endpoint URL.
  11. Scroll to the bottom and click Save.
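
As an added check that is not part of the original guide: after saving, capture one SAML response from a test login and confirm it has the shape this configuration should produce (a signed, unencrypted assertion carrying the two contract attributes). The ACS URL, entity ID and sample response below are constructed placeholders, and the script checks structure only, not the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Attribute names from the contract extended under "Assertion Creation".
REQUIRED_ATTRS = {"http://schemas.xmlsoap.org/claims/Group",
                  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"}

def check_response(xml_text, acs_url, sp_entity_id):
    """Structural check only: it does not validate the XML signature."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match the SP URL (ACS)")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("assertion is encrypted, expected encryption policy None")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext Assertion element"]
    # "Always Sign Assertion": Signature must be a direct child of Assertion.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        findings.append("assertion is not signed")
    elif sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is None:
        findings.append("signing certificate not included in the signature")
    if not assertion.findtext("saml:Subject/saml:NameID", "", NS).strip():
        findings.append("SAML_SUBJECT (NameID) is missing or empty")
    audiences = {a.text for a in assertion.iterfind(".//saml:Audience", NS)}
    if sp_entity_id not in audiences:
        findings.append("SP entity ID not in AudienceRestriction")
    names = {a.get("Name") for a in
             assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    findings += ["missing attribute: " + n for n in sorted(REQUIRED_ATTRS - names)]
    return findings

# Constructed sample (placeholder values); the "name" attribute is left out on purpose.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="https://sp.example.test/acs">
 <saml:Assertion>
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test/entity</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
if __name__ == "__main__":
    print(check_response(SAMPLE, "https://sp.example.test/acs", "https://sp.example.test/entity"))
```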

