Heroku Integration Guide

Configure a Connection

About this task

Use the following procedure to configure a quick connection for single sign-on (SSO) to Heroku.

This procedure provides instructions for configuring minimum required connection settings. The instructions skip pages in which all necessary information is configured or defaults are used. You can add or change settings to suit your requirements.

Steps

  1. If you have not already done so, use PingFederate to configure the identity provider (IdP) adapter you want to use.

    Learn more in Managing IdP adapters in the PingFederate documentation.

  2. On the Main Menu, select Create New under SP Connections in the IdP Configuration section.

  3. On the Connection Template page, select the Do not use a template for this connection and click Next.

    A screenshot showing the Connection Template page. Do not use a template for this collection is selected.

  4. On the Connection Type page, ensure that the Browser SSO profile is selected and click Next.

  5. On the Connection Options page, ensure Browser SSO is selected and click Next.

  6. On the Import Metadata page, click Choose file and select the Heroku saml-metadata.xml file you created in Obtain the Heroku SAML 2.0 Metadata XML.

    A screenshot of the Import Metadata page, with the heroku-saml-metadata.xml file uploaded.

  7. On the Metadata Summary page, click Next.

  8. On the General Info page, ensure that the Partner’s Entity ID (Connection ID), Connection Name, and Base URL are accurate. Change details if required and click Next.

    A screenshot of the General Info page, with https://sso.heroku.com entered into the Entity ID, Connection Name, and Base URL fields.

  9. On the Browser SSO page, click Configure Browser SSO.

    A screenshot of the Browser SSO page, showing the Configure Browser SSO button.

  10. On the SAML Profiles page, ensure that the IdP-Initiated SSO and SP-Initiated SSO profiles are selected and click Next.

    A screenshot of the SAML Profiles page, showing the IdP-Initiated SSO and SP-Initiated SSO checkboxes checked.

  11. On the Assertion Creation page, click Configure Assertion Creation.

    A screenshot of the Assertion Creation page, showing the Configure Assertion Creation button.

  12. On the Attribute Contract page, ensure that the SAML_SUBJECT name format is set to:

    following:urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    A screenshot of the Attribute Contract page, showing the SAML_SUBJECT field populated.

  13. On the Authentication Source Mapping page, click Map New Adapter Instance and map the IdP Adapter Instance you defined earlier in this procedure. When you return to the Authentication Source Mapping page, click Done.

    This configuration is site-dependent and cannot be pre-configured. You can find detailed information and instructions in Managing authentication source mappings in the PingFederate documentation.
    A screenshot of the Authentication Source Mapping page, showing the Map New Adapter Instance button.

  14. When you return to the Assertion Creation page, click Next

  15. On the Protocol Settings page, click Configure Protocol Settings.

  16. On the Allowable SAML Bindings page, ensure that only the POST and Redirect profiles are selected and click Next.

    A screenshot of the Allowable SAML Bindings page, showing the POST and REDIRECT checkboxes checked.

  17. On the next page, ensure that the Always sign the SAML Assertion is selected and click Next.

  18. On the Browser SSO page, click Next and on the Credentials page, click Configure Credentials.

    Learn more in Configuring digital signatures for service provider connections in the PingFederate documentation.

  19. If you have not yet created or imported a signing certificate, click Manage Certificates and do so now. Learn more in Managing digital signing certificates and decryption keys in the PingFederate documentation.

    A screenshot of the Digital Signature Settings page, showing a signing certificate imported.

  20. Click Next.

  21. On the Summary page, click Done.

  22. On the Credentials page, click Next.

  23. On the Activation & Summary page, Activate the SP Connection.

  24. On the Activation & Summary page, click Save.