Documentation for SimpleSAMLphp + PingIdentity integration?


Peter Wolfenden

Apr 14, 2012, 11:18:49 PM
to simpleSAMLphp
I see that SimpleSAMLphp is advertised as being interoperable with
PingIdentity, but I haven't yet been able to find any specific
examples or recommendations related to PingIdentity in the
SimpleSAMLphp 1.8 documentation (although a 2008 posting seems to
suggest that a PingFederate guide for SimpleSAMLphp would be
forthcoming: https://rnd.feide.no/2008/08/21/learning_more_about_pingfederate/).

I'm specifically interested in integrating my web application as a
Service Provider (using the SimpleSAMLphp ACS) with PingIdentity as an
Identity Provider.

Can someone please point me to the relevant documentation (if indeed
it exists)?

Andreas Åkre Solberg

Apr 16, 2012, 3:05:54 AM
to simple...@googlegroups.com
We do not provide specific documentation on integrating PingIdentity with SimpleSAMLphp.

Both simpleSAMLphp and PingIdentity provide generic documentation about how to connect to other entities. As a Service Provider, you should not need to take into consideration what software implementation is on the other side; instead follow standard procedures of exchanging SAML 2.0 XML metadata etc.

Hope this helps, and good luck.

Andreas


 

Peter Wolfenden

Apr 18, 2012, 4:34:55 PM
to simpleSAMLphp
Thanks for reading my post.

But I found that I had to add the following lines to
metadata/saml20-idp-remote.php on my SP in order to make the local (on
the SP) authentication.php script work properly with a "test" IdP
(configured on idp.my.domain using another instance of SimpleSAMLphp):

$metadata['https://idp.my.domain:34443'] = array(
    'name' => array(
        'en' => 'My Test Server'
    ),
    'description' => 'Login with test credentials.',
    'SingleSignOnService' => 'https://idp.my.domain:34443/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://idp.my.domain:34443/simplesaml/saml2/idp/SingleLogoutService.php',
    'certFingerprint' => 'AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9'
);
$metadata['https://idp.my.domain:34443/simplesaml/saml2/idp/metadata.php'] = array(
    'name' => array(
        'en' => 'My Test Server'
    ),
    'description' => 'Login with test credentials.',
    'SingleSignOnService' => 'https://idp.my.domain:34443/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://idp.my.domain:34443/simplesaml/saml2/idp/SingleLogoutService.php',
    'certFingerprint' => 'AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9'
);

I'm a SAML newbie, so I speak with zero authority on SAML in general -
but my suspicion is that the above configuration tweaks are *not*
generic in the sense that they *do* reflect some of the details of the
IdP and SP implementation (that ".php" suffix, for example, would be
surprising to see in an IdP implemented in another language).

So, when the time comes for me to make my SP work with a commercial
IdP (like PingFederate), I expect that I will need to make some
changes to my SP configs which do *not* look like the above changes.

So, I'll probably end up trying some things that don't work, and some
other things that kind of work, maybe pose some more questions on this
mailing list and scratch my head a bit, and then finally stumble onto
something that *does* work.

Hence my question about non-generic documentation for Ping Identity.
If it existed, it would almost certainly provide a more efficient path
to the same end.

Cheers,

Peter Wolfenden
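
An added example, not part of any post in this thread and not SimpleSAMLphp's own code: it derives the kind of saml20-idp-remote.php entry shown above from an IdP's SAML 2.0 metadata XML, whatever software produced that XML. The helper name idpRemoteEntry, the idp.example.org URLs and the certificate bytes are constructed for illustration, and it assumes certFingerprint is the SHA-1 digest of the DER-encoded signing certificate, which matches the 20-byte format in the post.

```php
<?php
// Added example. The metadata below is constructed sample data; the certificate
// value is placeholder bytes (0x00..0x0f), not a real certificate.
$xml = <<<'XML'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/any/opaque/identifier">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>AAECAwQFBgcICQoLDA0ODw==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.org/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
XML;

// Hypothetical helper: returns [entityID, fields for $metadata[entityID]].
function idpRemoteEntry(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: do not fetch anything over the network while parsing.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('metadata is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
    $xp->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
    $idp = '/md:EntityDescriptor/md:IDPSSODescriptor';
    $redirect = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';

    // The array key is the entityID exactly as the IdP declares it; the SP
    // treats it as an opaque identifier, so it need not end in ".php".
    $entityId = $xp->evaluate('string(/md:EntityDescriptor/@entityID)');
    $sso = $xp->evaluate("string($idp/md:SingleSignOnService[@Binding='$redirect']/@Location)");
    $b64 = $xp->evaluate("string($idp/md:KeyDescriptor[not(@use='encryption')]//ds:X509Certificate)");
    $der = base64_decode(preg_replace('/\s+/', '', $b64), true);
    if ($entityId === '' || $der === false || $der === '' || strncmp($sso, 'https://', 8) !== 0) {
        throw new RuntimeException('missing entityID, https SSO endpoint or signing certificate');
    }
    // Fingerprint = SHA-1 over the DER bytes, written as colon-separated hex.
    $fingerprint = strtoupper(implode(':', str_split(sha1($der), 2)));
    return [$entityId, ['SingleSignOnService' => $sso, 'certFingerprint' => $fingerprint]];
}

[$entityId, $entry] = idpRemoteEntry($xml);
echo '$metadata[' . var_export($entityId, true) . '] = ' . var_export($entry, true) . ";\n";
```

Because the fingerprint is what the SP relies on to verify the IdP's signatures, run this only on metadata obtained over a channel you trust.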


Dick Visser

Apr 18, 2012, 4:45:36 PM
to simple...@googlegroups.com
On 18 April 2012 22:34, Peter Wolfenden <pwolf...@qualys.com> wrote:

> Hence my question about non-generic documentation for Ping Identity.
> If it existed, it would almost certainly provide a more efficient path
> to the same end.

I think it just sprung into existence ;-)

--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands
