Version: On prem: 14.0.16

Configure PingFederate with SAML on-prem

DISCLAIMER

This page contains third-party references. We strive for our content to always be up-to-date, however, the content referring to external vendors may change independently of Omada. If you spot any inconsistency, please report it to our Helpdesk.

To configure PingFederate with SAML:

  1. Sign in to the PingFederate administrator portal.

  2. From the Identity Provider section, create a new SP Connection.

  3. Under Connection Type and Connection Options, select BROWSER SSO.

  4. Under Import Metadata, select URL.

  5. Add an identifier and a name for the connection. Provide the full external URL to the logon.aspx page in the Omada Identity Portal.

  6. Open Browser SSO and click Configure Browser SSO.

  7. Select the checkboxes for IDP-INITIATED SSO and SP-INITIATED SSO.

  8. Select the default value for Minutes Before and Minutes After in Assertion Lifetime.

  9. Click Configure Assertion Creation under Assertion Creation.

  10. Select the STANDARD identity mapping.

  11. Select the default mapping to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

  12. Create a new mapping to an authentication source, for example, you could map to Login by Password.

  13. Select Use only the adapter contract values in the SAML Assertion.

  14. Map SAML_SUBJECT to, for example, samAccountName or to another attribute that maps to the Omada Identity UserName.

  15. Do not map any other attributes.

  16. Open Protocol Settings and click Configure Protocol Settings.

  17. Add an Assertion Consumer Service URL pointing to the page logon.aspx on the Omada Identity Portal.

  18. Allow only the POST and REDIRECT bindings.

  19. Do not require signed requests.

  20. Do not require encryption of the messages.

  21. Go to Credentials and click Configure Credentials.

  22. Pick a signing certificate or create a new one (creating certificates is not covered here).

  23. Finally, activate the connection on the Activation and Summary tab.

  24. From the PingFederate SP Summary page, copy the value of the Partners Entity ID. Add this value to the IdpIssuer and IdpAudience columns in tblCustomerAuth.

  25. Insert the Partners Entity ID into the following metadata URL: https://[HOSTNAME]/pf/federation_metadata.ping?PartnerSpId=[Partners Entity ID]. Add this URL to the IdPEndPoint column in tblCustomerAuth.
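The following is an added example for steps 24 and 25; it is not Omada or Ping Identity code. It builds the federation_metadata.ping URL from a hostname and Partners Entity ID (URL-encoding the ID) and then checks a metadata document against the values you are about to write into tblCustomerAuth: that the metadata's entityID equals the IdpIssuer value (assumption: the portal compares the assertion Issuer to that column, so a mismatch rejects every login), that only the POST and REDIRECT bindings from step 18 are advertised, that every SSO endpoint is HTTPS, and that a signing certificate is published. That last check matters because steps 19 and 20 turn off request signing and message encryption, leaving the assertion signature as the only thing that authenticates what PingFederate sends. The hostname, entity ID and metadata XML below are constructed samples in standard SAML 2.0 metadata layout, which is the shape PingFederate's metadata endpoint is assumed to return.

```python
"""Build the PingFederate metadata URL (step 25) and sanity-check the
returned metadata against tblCustomerAuth values (steps 24 and 25).
Added example; not Omada or Ping Identity code. All sample values are constructed."""
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def metadata_url(hostname: str, partner_entity_id: str) -> str:
    """https://[HOSTNAME]/pf/federation_metadata.ping?PartnerSpId=[Partners Entity ID]
    with the entity ID URL-encoded so ':' or '/' in it survive intact."""
    query = urlencode({"PartnerSpId": partner_entity_id})
    return f"https://{hostname}/pf/federation_metadata.ping?{query}"


def check_metadata(xml_text: str, idp_issuer: str) -> dict:
    """Parse IdP metadata and report the checks a defender wants before
    storing IdpIssuer / IdpAudience / IdPEndPoint in tblCustomerAuth."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # Binding -> Location for every advertised single sign-on endpoint
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    certs = idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        # assumption: the portal compares the assertion Issuer to IdpIssuer
        "issuer_matches": root.get("entityID") == idp_issuer,
        # step 18: only POST and REDIRECT bindings are allowed
        "bindings_ok": bool(sso) and set(sso) <= {POST, REDIRECT},
        "https_only": all(loc.startswith("https://") for loc in sso.values()),
        # with request signing and encryption off, this cert is the only
        # material that authenticates assertions from the IdP
        "has_signing_cert": any((c.text or "").strip() for c in certs),
        "sso_endpoints": sso,
    }


# Constructed sample metadata; the certificate body is a placeholder, not a real cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="pf.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB-CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://pf.example.test/idp/SSO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://pf.example.test/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    print(metadata_url("pf.example.test", "urn:example:omada-sp"))
    for key, value in check_metadata(SAMPLE_METADATA, "pf.example.test").items():
        print(f"{key}: {value}")
```

Run the script as-is to see the checks against the constructed sample; in practice, fetch the URL that metadata_url returns over HTTPS and pass the response body and your IdpIssuer value to check_metadata before committing the row in tblCustomerAuth.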