Follow the instruction steps in this section to apply your Authentication API, SSO Agent and Relying Party configuration to Ping Identity PingFederate Internal Applications and/or Identity Management System.

Before you begin: Configure the integration type that your use case will employ. Refer to the Integration Configuration Summary section for more information.

Procedure

1. On the Target Session Mapping page, click Map New Adapter Instance button.

2. On the Adapter Instance page, click the Manage Adapter Instances button.

3. On the Manage SP Adapter Instances page, click Create New Instance button.

​4. On the Type page, enter INSTANCE NAME and INSTANCE ID, select OpenToken SP Adapter from the Type drop-down menu and click Next.

5. On the Instance Configuration page, enter the PASSWORD and CONFIRM PASSWORD field values (This is used to generate the encryption key and is not referenced elsewhere) and click Next.

6. On the Actions Page, click Next.

7. On the Extended Contract page, click Next.

8. On the Target App Info page, leave the APPLICATION NAME and URL fields blank and click Next.

9. On the Manage SP Adapter Instances page, click Save.

10. On the Adapter Instance page, from the ADAPTER INSTANCE drop-down, select the adapter name created above and click Next.

11. On the Adapter Data Store page, select the USE ONLY THE ATTRIBUTES AVAILABLE IN THE SSO ASSERTION radio button and click Next.

12. On the Adapter Contract Fulfillment page, select Assertion from the Source drop-down menu, SAML_SUBJECT from the Value drop-down menu and click Next.

13. On the Issuance Criteria page, click Next.

14. On the Summary page, review the information and click Done.

15. On the Target Session Mapping page, click Next.

16. On the Summary page, review the information and click Done.

17. On the User-Session Creation page, click Next.

18. On the Protocol Settings page, click Configure Protocol Settings button.

19. On the SSO Service URLs page, click Next.

20. On the Allowable SAML Bindings page, check the POST and REDIRECT check-boxes only and click Next.

Note:  RSA SecurID Access does not support ARTIFACT and SOAP SAML binding methods.

21. On the Overrides page, click Next.

22. On the Signature policy page, select the USE SAML-STANDARD SIGNATURE REQUIREMENTS radio button and click Next.

23. On the Encryption Policy page, select the NONE radio button and click Next.

24. On the Summary page, review the information and click Done.

25. On the Protocol Settings page, review the information and click Next.

26. On the Summary page, review the information and click Done.

27. On the Browser SSO page, click Next.

28. On the Credentials page, click Next.

29. On the Activation & Summary page, toggle the Connection Status to Active, make note of the SSO Application Endpoint URL and click Save.

30. On the Service Provider page, under IDP CONNECTIONS, click Manage All button.

31. On the IdP Connections page, locate the IdP Connection just created, open the Select Action menu and click Export Metadata.

Note:  If you had set temporary placeholder values during the RSA SecurID Access SAML IdP configuration, then go back and replace them using the PingFederate SAML SP metadata file.

Configuration is complete.

Return to the main page for more certification related information.