Customer Help Portal
Configuring Ping Identity SAML Authentication
This article describes how to configure UVexplorer Server to use Ping Identity SAML authentication.
Create and Configure the UVexplorer Server Application in Ping Identity
- Login to the Ping Identity console
- Click on “Connections” in the left-side navigation bar
- Click on “Applications” in the list of options under “Connections”
- Click on the “+” button (top-left corner) to create a new application
- For the “Application Name” enter “UVexplorer Server”
- For the “Application Type” select “SAML Application”
- Click the “Configure” button
- Select the “Manually Enter” option
- In the “ACS URLs” field enter https://HOST:PORT/auth/saml-signin-callback . Replace “HOST” with the domain name of the machine running your server, and replace “PORT” with the TCP port number your server is using.
- In the “Entity ID” field enter https://uvexplorer.com/uvxserver
- Click the “Save” button to create the application
- Select the “Configuration” tab
- Copy and paste the “Issuer ID”, “Single Logout Service”, and “Single Signon Service” values into a text file so you can later copy and paste them into UVexplorer Server’s web console.
- Click the “Edit” (pencil) button in the top-right corner
- The “ACS URLs” field should already be filled in
- Leave the “Signing Key” field with its default value. Click the “Download Signing Certificate” button and select the “X509 PEM (.crt)” format. This will download the signing certificate file. You will need this file later when configuring SAML within UVexplorer Server’s web console.
- Select the “Sign Assertion” option
- In the “Signing Algorithm” field select “RSA_SHA256”
- Leave the “Enable Encryption” option unchecked
- The “Entity ID” field should already be filled in
- In the “SLO Endpoint” field enter https://HOST:PORT/auth/saml-logout . Again, replace “HOST” and “PORT” with the appropriate values.
- In the “SLO Response Endpoint” field enter https://HOST:PORT/auth/saml-logout . Again, replace “HOST” and “PORT” with the appropriate values.
- In the “SLO Binding” field select “HTTP Redirect”
- Leave the remaining fields with their default values
- Click the “Save” button
- Select the “Attribute Mappings” tab
- Click the “Edit” (pencil) button in the top-right corner
- Use the “Add” button in the top-right corner to add the following attribute mappings:
Attributes | PingOne Mappings |
saml_subject | User ID |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Email Address |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Given Name |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Username |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Family Name |
Configure SAML Integration in UVexplorer Server
- Login to the UVexplorer Server web console using an administrator account
- Click on the “Admin” link (top-left corner)
- Select the “Authentication Settings” tab
- Check the “Enable SAML Single Sign-On” checkbox
- In the “SAML Provider Identifier” field, paste the “Issuer ID” value that you copied from the Ping Identity console
- In the “SAMLProvider Login URL” field, paste the “Single Signon Service” value that you copied from the Ping Identity console
- In the “SAML Provider Logout URL” field, paste the “Single Logout Service” value that you copied from the Ping Identity console
- In the “SAML Provider Signing Certificate” field, paste the contents of the signing certificate file you downloaded from the Ping Identity console
- Click the “Save SAML SSO Settings” button to save your settings
Add Ping Identity Users to the UVexplorer Server Application
- Login to the Ping Identity console
- Click on “Connections” in the left-side navigation bar
- Click on “Applications” in the options listed under “Connections”
- Select the “UVexplorer Server” application
- Select the “Access” tab on the right side
- Click the “Edit” (pencil) button
- Add all user groups that should have access to the UVexplorer Server application
- Click the “Save” button
- In the left-side navigation bar, click on “Identities”
- Click on “Users” in the options listed under “Identities”
- For each user that can access the application, click on the user to display their profile. Select the “API” tab to access the user’s unique “ID”. Copy the value in their “ID” field to a text file. These user IDs will be needed later to create corresponding user accounts within UVexplorer Server
Create a UVexplorer Server User Account For Each Ping Identity User
- Login to the UVexplorer Server web console using an administrator account
- Click on the “Admin” link (top-left corner)
- Click on the “Manage Users” tab
- For each Ping Identity user with access UVexplorer Server, do the following:
- In the drop-down menu next to the “Create User” button (top-left corner), select “SAML User”
- In the “Username” field enter the Ping Identity “ID” for the corresponding Ping Identity user (you should have copied these to a text file in the previous section). Alternatively, you may use the Ping Identity user’s username or email address as the “Username” for their UVexplorer Server account.
- Enter the user’s “First Name”, “Last Name”, and “Email Address”
- Select the appropriate “User Type”
- Optionally, select the groups the new user should be a member of
- Click the “OK” button to create the new user account
Ping Identity users should now be able to login to the UVexplorer Server web console. When logging in, they should select the “SAML Single Sign-On” authentication type and click the “Login” button. This should take them through the Ping Identity login process, including multi-factor authentication if that is enabled in Ping Identity. After logging in successfully, the user should be redirected back to the UVexplorer Server web console.