SSO - Ping Identity SAML

The following recommended configuration settings should be utilized when configuring StatusDashboard to authenticate against Ping Identity.

Ping Identity Settings

StatusDashboard - Administrator

In order to configure Ping Identity to authenticate StatusDashboard administrators, log in to your Ping Identity account and create a new Ping Identity app using the settings listed below. Once the app has been configured, download the Ping Identity SAML Metadata for the app to obtain the SingleSignOnService, entityID, SingleLogoutService and the X509Certificate. You will need to enter these values into the StatusDashboard configuration at Security > Single Sign-On > Options > SAML SSO (Admin) in the Identity Provider (IdP) section.

Ping Identity Application Creation Step

Setting / Description

Step 1

Enter StatusDashboard - Admin in the Ping Identity Application Name configuration field.  All other settings are optional.

Step 2

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Admin) and look for the Assertion Consumer Service (ACS) field under Service Provider. Enter this value in the Ping Identity Assertion Consumer Service (ACS) configuration field.

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Admin) and look for the Entity ID / Issuer field under Service Provider. Enter this value in the Ping Identity Entity ID configuration field.

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Admin) and look for the Single Logout Service (SLO) field under Service Provider. Enter this value in the Ping Identity Single Logout Endpoint field.

Set the Ping Identity Single Logout Binding Type to Redirect.

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Admin) and look for the Current x509 Certificate Details field under Service Provider. Save this certificate to your local computer, and upload it under the Ping Identity Primary Verification Certificate.

Step 3

Create an Application Attribute named SAML_SUBJECT with an Identity Bridge Attribute named Email. Under Advanced settings, set the Name ID Format to send to SP to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

Save & Publish the application.

Step 4

Finish and test login.


StatusDashboard - Dashboard

In order to configure Ping Identity to authenticate your customers/users against your status dashboard, log in to your Ping Identity account and create a new Ping Identity app using the settings listed below. Once the app has been configured, download the Ping Identity SAML Metadata for the app to obtain the SingleSignOnService, entityID, SingleLogoutService and the X509Certificate. You will need to enter these values into the StatusDashboard configuration at Security > Single Sign-On > Options > SAML SSO (Dashboard) in the Identity Provider (IdP) section.

Ping Identity Application Creation Step

Setting / Description

Step 1

Enter StatusDashboard - Dashboard in the Ping Identity Application Name configuration field.  All other settings are optional.

Step 2

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Dashboard) and look for the Assertion Consumer Service (ACS) field under Identity Provider (IdP). Enter this value in the Ping Identity Assertion Consumer Service (ACS) configuration field.

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Dashboard) and look for the Entity ID / Issuer field under Identity Provider (IdP). Enter this value in the Ping Identity Entity ID configuration field.

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Dashboard) and look for the Single Logout Service (SLO) field under Identity Provider (IdP). Enter this value in the Ping Identity Single Logout Endpoint field.

Set the Ping Identity Single Logout Binding Type to Redirect.

Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Dashboard) and look for the Current x509 Certificate Details field under Identity Provider (IdP). Save this certificate to your local computer, and upload it under the Ping Identity Primary Verification Certificate.

Step 3

Create an Application Attribute named SAML_SUBJECT with an Identity Bridge Attribute named Email. Under Advanced settings, set the Name ID Format to send to SP to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

Save & Publish the application.

Step 4

Finish and test login.


StatusDashboard Settings - Service Provider

In order to configure the StatusDashboard Service Provider settings, log in to StatusDashboard and browse to Security > Single Sign-On > Options > SAML SSO (Admin|Dashboard). Configuration settings for both the Dashboard and Admin SAML setup are listed below.

| Configuration Setting | Dashboard | Admin | Notes |
| --- | --- | --- | --- |
| x509 Certificate | Select StatusDashboard or Comodo | Select StatusDashboard or Comodo | If your IdP implementation requires a trusted certificate, then choose the Comodo signed certificate (assuming your IdP trusts the Comodo CA certificate). If your IdP does not require a trusted certificate, then choose the StatusDashboard self-signed certificate. The StatusDashboard self-signed certificate is the preferred option because it has a long expiration time and will not be refreshed, whereas the Comodo certificate could be refreshed periodically (requiring you to update your IdP configuration). |
| Sign AuthN Request | Enabled | Enabled | |
| Sign Logout Request | Enabled | Enabled | |
| Sign Logout Response | Enabled | Enabled | |
| Sign Metadata | Enabled | Enabled | This option can be set either way and is not dependent on the Ping Identity configuration. |
| Signature Algorithm | rsa-sha1 | rsa-sha1 | Can be set to any signature algorithm. |
| Digest Algorithm | sha1 | sha1 | Can be set to any digest algorithm. |
| Encrypt Name ID | Disabled | Disabled | |
| Include Authentication Context | Enabled | Enabled | |


StatusDashboard Settings - Identity Provider

In order to configure the StatusDashboard Identity Provider settings, log in to StatusDashboard and browse to Security > Single Sign-On > Options > SAML SSO (Admin|Dashboard). Configuration settings for both the Dashboard and Admin SAML setup are listed below.

| Configuration Setting | Dashboard | Admin | Notes |
| --- | --- | --- | --- |
| Entity ID / Issuer | Insert the Ping Identity entityID. | Insert the Ping Identity entityID. | |
| Single Sign-On (SSO) Service URL | Insert the Ping Identity SingleSignOnService. | Insert the Ping Identity SingleSignOnService. | |
| Single Logout Service (SLO) URL | Insert the Ping Identity SingleLogoutService and enable the toggle button. | Insert the Ping Identity SingleLogoutService and enable the toggle button. | |
| IdP Logout URL | | | Not required. |
| Logout Redirect URL | | | Not required. |
| x509 Certificate | [x509 cert in PEM format] | [x509 cert in PEM format] | Enter the Ping Identity x509Certificate. |
| Require Message Signature | Disabled | Disabled | |
| Require Assertion Signature | Enabled | Enabled | |
| Require NameID Encryption | Disabled | Disabled | |
