Ping Identity
In this document you are going to set up IDmelon as an external IdP to the Ping Identity.
Login to Ping Identity administration panel
Login to Ping Identity.
Open Ping Identity dashboard.
on the rightside hand of navbar Click on Administrators
Add Identity Provider
Click Connection
Under IDENTITY PROVIDERS Click on External IdPs
Click on Add Provider
Click on SAML
Configure SAML 2.0 IdP
Configure SAML 2.0 IdP
Create IdP Profile
NAME : Custom_name
DESCRIPTION : Custom_description
ICON : Custom_icon
LOGIN BUTTON : Custom_login_button
Continue
Configure PingOne Connection then select Continue
Configure IdP Connection
Choose : Manually enter the following metadata information
Get all values for {..} from your IDmelon panel.
If you are currently login here, you will see the replaced values instead.
SSO endpoint : idmelon single sign on url
IdP entity ID : idp_issuer_uri
SSO binding : Specifies the binding to use for the authentication request. Select HTTP Post or HTTP Redirect.
VERIFICATION CERTIFICATE : idp_certificate_download_url
Save and Continue
On the Map Attributes page, define how the PingOne user attributes are mapped to identity provider attributes. For more information, see Mapping attributes
Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes
To add an attribute, click \+ Add attribute
To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder
Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:
Empty only: Update the PingOne attribute only if the existing attribute is empty.
Always: Always update the PingOne directory attribute.
Save & Finish
Enabling or disabling IDmelon as Identity Provider : Reference
Finish
Setting idp-init for Ping Identity
According to Ping Identity document
Go to Connections → Applications
Add a new Oidc Application
Add Application
Choose a custom application Name
Choose a custom application Description
Choose a custom application ICON
Choose OIDC Web App
Save
Go to Oidc app which created
Activate Oidc app which on the rightside
Go to Configuration then click on Icon edit
Go to Connections → Applications
for Admins IdP init Login
Click on PingOne Admin Console
Copy Home Page URL
Done
for users IdP init Login:
Click on PingOne Application Portal
Copy Home Page URL
Done
Paste Home Page URL to Initiate Login URI field
Paste Home Page URL to Target Link URI field
Click the Overview tab.
Locate the Client ID and copy it to a relaystate field of IDmelon.
Example : Relaystate = applicationId=Custom Client ID
IDmelon SAML configuration
Go toConnections → External IdPs
Go to IDmelon IdP then click on IdP Configuration click edit
Download -> DOWNLOAD METADA File
You should upload metadata file and copy values of below fields from this Ping Identity panel to IDmelon Panel.
Go to IDmelon IdP then click on P1 Connection click edit
Copy -> PINGONE (SP) ENTITY ID
Select your SIGNING CERTIFICATE
select RSA_SHA256 in SIGNING ALGORITHM field
You should copy values of below fields from this Ping Identity panel to IDmelon Panel.
Passwordless
1
Open Admin dashboard of Ping Identity
2
Click on Experiences then Authentication Admin dashboard of Ping Identity
3
Under Authentication Policies
3
Choose or Createyour custom Authentication
3
example :
Click on PRESENTED IDENTITY PROVIDERS
Choose Idmelon as Identity Provider
Save
API Token
Click on Connections then Applications
Click on Add Applications then Choose Worker
Choose Custom name
Optional : Custom description
Click on Save
Click on Worker hen Click on Configuration
Scroll down then Click on Get Access Token
Copy Access Token click on Done
Note : Activate Worker Application
Done