Creating a single sign-on connection
Create an SP connection in PingFederate to communicate single sign-on (SSO) information to Amazon Web Services (AWS).
About this task
You can follow these steps to create a new SP connection, or you can modify an existing connection.
Steps
- Download the latest SAML metadata file from Amazon. Save it as aws-saml-metadata.xml.
- In the PingFederate administrator console, configure an SP connection.
  - On the Identity Provider screen, in the SP Connections area, click Create new.
  - On the Connection Template screen, select Use a template for this connection.
  - In the Connection Template list, select Amazon Web Services Connector.
  - Click Choose File, select the aws-saml-metadata.xml that you downloaded, and then click Open. Click Next.
- On the Connection Type screen, select Browser SSO Profiles and clear Outbound Provisioning. Click Next.
- On the Connection Options screen, click Next.
- On the General Info screen, the basic connection information is populated by the metadata XML file. Click Next.
- On the Browser SSO screen, configure browser SSO.
  For a complete guide, see Configuring IdP Browser SSO in the PingFederate documentation.
  - On the Browser SSO > Assertion Creation > IdP Adapter Mapping > Attribute Contract Fulfillment screen, on the SAML_SUBJECT line, select a source.
  - On the https://aws.amazon.com/SAML/Attributes/Role line, select Text.
  - In the Value field, type the role ARN and provider ARN that you noted in Creating an identity provider in Amazon Web Services, and Creating a federation role in Amazon Web Services. Separate the ARNs with a comma, as follows:
    <role ARN>,<provider ARN>
  - On the https://aws.amazon.com/SAML/Attributes/RoleSessionName line, select a value to use as the user’s display name in AWS.
- On the Credentials screen, configure the connection credentials.
  See Configuring credentials in the PingFederate documentation.
- On the Activation and Summary screen, above the Summary section, click the toggle button to enable the connection. Click Save.
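
Once the connection is enabled, the two AWS attributes can be checked in a decoded assertion before users hit a sign-in failure. The following Python script is an added example, not part of the PingFederate or AWS documentation: it validates the Role value in the order given above and the RoleSessionName against AWS's 2-64 character rule. The ARN patterns are simplified assumptions, and the account ID, role name, provider name, and assertion fragment are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
ARN = r"arn:aws(?:-[a-z-]+)?:iam::\d{12}:"  # simplified IAM ARN prefix (assumption)
ROLE_ARN = re.compile(ARN + r"role/[\w+=,.@/-]+", re.ASCII)
PROVIDER_ARN = re.compile(ARN + r"saml-provider/[\w.-]+", re.ASCII)
SESSION_NAME = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)  # AWS limit: 2-64 chars

def check_role_value(value):
    """Check one '<role ARN>,<provider ARN>' value; return a list of problems."""
    # Provider names cannot contain a comma, so split on the last one.
    role, sep, provider = value.rpartition(",")
    if not sep:
        return ["expected '<role ARN>,<provider ARN>'"]
    checks = ((ROLE_ARN, role, "role"), (PROVIDER_ARN, provider, "SAML provider"))
    # fullmatch also rejects stray whitespace typed around the comma.
    return [f"not a {kind} ARN: {text!r}" for rx, text, kind in checks if not rx.fullmatch(text)]

def check_assertion(xml_text):
    """Check the two AWS attributes in a decoded SAML assertion."""
    values = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{NS}}}Attribute"):
        values[attr.get("Name")] = [v.text or "" for v in attr.iter(f"{{{NS}}}AttributeValue")]
    roles, names = values.get(ROLE_ATTR, []), values.get(SESSION_ATTR, [])
    problems = [] if roles else ["missing Role attribute"]
    for value in roles:
        problems += check_role_value(value)
    if len(names) != 1:
        problems.append("RoleSessionName needs exactly one value")
    elif not SESSION_NAME.fullmatch(names[0]):
        problems.append(f"invalid RoleSessionName: {names[0]!r}")
    return problems

def sample(role_value, session_name):
    """Build a constructed, unsigned assertion fragment for the demo."""
    attrs = "".join(
        f'<s:Attribute Name="{n}"><s:AttributeValue>{v}</s:AttributeValue></s:Attribute>'
        for n, v in ((ROLE_ATTR, role_value), (SESSION_ATTR, session_name)))
    return f'<s:Assertion xmlns:s="{NS}"><s:AttributeStatement>{attrs}</s:AttributeStatement></s:Assertion>'

ACCT = "arn:aws:iam::111122223333:"  # constructed account ID and names
GOOD = sample(ACCT + "role/PingSSO," + ACCT + "saml-provider/PingFederate", "jdoe@example.com")
BAD = sample(ACCT + "role/PingSSO, " + ACCT + "saml-provider/PingFederate", "John Doe")

if __name__ == "__main__":
    print(check_assertion(GOOD), check_assertion(BAD), sep="\n")
```

The BAD sample reproduces two easy mistakes in the Attribute Contract Fulfillment screen: a space typed after the comma in the Role value, and a display name containing a space mapped to RoleSessionName.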