Configuring Ping Identity SAML Authentication

This article describes how to configure UVexplorer Server to use Ping Identity SAML authentication.

Create and Configure the UVexplorer Server Application in Ping Identity

  1. Log in to the Ping Identity console
  2. Click on “Connections” in the left-side navigation bar
  3. Click on “Applications” in the list of options under “Connections”
  4. Click on the “+” button (top-left corner) to create a new application
  5. For the “Application Name” enter “UVexplorer Server”
  6. For the “Application Type” select “SAML Application”
  7. Click the “Configure” button
  8. Select the “Manually Enter” option
  9. In the “ACS URLs” field enter https://HOST:PORT/auth/saml-signin-callback . Replace “HOST” with the domain name of the machine running your server, and replace “PORT” with the TCP port number your server is using.
  10. In the “Entity ID” field enter https://uvexplorer.com/uvxserver
  11. Click the “Save” button to create the application
  12. Select the “Configuration” tab
  13. Copy and paste the “Issuer ID”, “Single Logout Service”, and “Single Signon Service” values into a text file so you can later copy and paste them into UVexplorer Server’s web console.
  14. Click the “Edit” (pencil) button in the top-right corner
  15. The “ACS URLs” field should already be filled in
  16. Leave the “Signing Key” field with its default value. Click the “Download Signing Certificate” button and select the “X509 PEM (.crt)” format. This will download the signing certificate file. You will need this file later when configuring SAML within UVexplorer Server’s web console.
  17. Select the “Sign Assertion” option
  18. In the “Signing Algorithm” field select “RSA_SHA256”
  19. Leave the “Enable Encryption” option unchecked
  20. The “Entity ID” field should already be filled in
  21. In the “SLO Endpoint” field enter https://HOST:PORT/auth/saml-logout . Again, replace “HOST” and “PORT” with the appropriate values.
  22. In the “SLO Response Endpoint” field enter https://HOST:PORT/auth/saml-logout . Again, replace “HOST” and “PORT” with the appropriate values.
  23. In the “SLO Binding” field select “HTTP Redirect”
  24. Leave the remaining fields with their default values
  25. Click the “Save” button
  26. Select the “Attribute Mappings” tab
  27. Click the “Edit” (pencil) button in the top-right corner
  28. Use the “Add” button in the top-right corner to add the following attribute mappings:
| Attributes | PingOne Mappings |
|---|---|
| saml_subject | User ID |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Email Address |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Given Name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Username |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Family Name |

Configure SAML Integration in UVexplorer Server

  1. Log in to the UVexplorer Server web console using an administrator account
  2. Click on the “Admin” link (top-left corner)
  3. Select the “Authentication Settings” tab
  4. Check the “Enable SAML Single Sign-On” checkbox
  5. In the “SAML Provider Identifier” field, paste the “Issuer ID” value that you copied from the Ping Identity console
  6. In the “SAML Provider Login URL” field, paste the “Single Signon Service” value that you copied from the Ping Identity console
  7. In the “SAML Provider Logout URL” field, paste the “Single Logout Service” value that you copied from the Ping Identity console
  8. In the “SAML Provider Signing Certificate” field, paste the contents of the signing certificate file you downloaded from the Ping Identity console
  9. Click the “Save SAML SSO Settings” button to save your settings

Add Ping Identity Users to the UVexplorer Server Application

  1. Log in to the Ping Identity console
  2. Click on “Connections” in the left-side navigation bar
  3. Click on “Applications” in the options listed under “Connections”
  4. Select the “UVexplorer Server” application
  5. Select the “Access” tab on the right side
  6. Click the “Edit” (pencil) button
  7. Add all user groups that should have access to the UVexplorer Server application
  8. Click the “Save” button
  9. In the left-side navigation bar, click on “Identities”
  10. Click on “Users” in the options listed under “Identities”
  11. For each user that can access the application, click on the user to display their profile. Select the “API” tab to access the user’s unique “ID”. Copy the value in their “ID” field to a text file. These user IDs will be needed later to create corresponding user accounts within UVexplorer Server.

Create a UVexplorer Server User Account For Each Ping Identity User

  1. Log in to the UVexplorer Server web console using an administrator account
  2. Click on the “Admin” link (top-left corner)
  3. Click on the “Manage Users” tab
  4. For each Ping Identity user with access to UVexplorer Server, do the following:
    1. In the drop-down menu next to the “Create User” button (top-left corner), select “SAML User”
    2. In the “Username” field enter the Ping Identity “ID” for the corresponding Ping Identity user (you should have copied these to a text file in the previous section). Alternatively, you may use the Ping Identity user’s username or email address as the “Username” for their UVexplorer Server account.
    3. Enter the user’s “First Name”, “Last Name”, and “Email Address”
    4. Select the appropriate “User Type”
    5. Optionally, select the groups the new user should be a member of
    6. Click the “OK” button to create the new user account

Ping Identity users should now be able to log in to the UVexplorer Server web console. When logging in, they should select the “SAML Single Sign-On” authentication type and click the “Login” button. This should take them through the Ping Identity login process, including multi-factor authentication if that is enabled in Ping Identity. After logging in successfully, the user should be redirected back to the UVexplorer Server web console.
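If a test login fails, a decoded SAML Response captured with your browser's developer tools can be checked against the settings above. The following Python sketch is an added example, not code from UVexplorer or Ping Identity: it checks the ACS URL, assertion signing with RSA_SHA256, the Entity ID and the mapped attributes, and it does not verify the signature. It assumes that saml_subject arrives as the Subject NameID; the host, port and sample response are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EXPECTED_ATTRS = {CLAIMS + n for n in ("emailaddress", "givenname", "name", "surname")}
ENTITY_ID = "https://uvexplorer.com/uvxserver"  # Entity ID entered in Ping Identity
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def lint_response(xml_text, acs_url):
    """Structural lint of a decoded SAML Response; does NOT verify the signature."""
    root = ET.fromstring(xml_text)  # for operator-captured responses, not untrusted XML
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion (is encryption enabled?)"]
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("Assertion is not signed (is Sign Assertion selected?)")
    elif method.get("Algorithm") != RSA_SHA256:
        problems.append("signature algorithm is not RSA_SHA256")
    audiences = {e.text for e in assertion.iterfind(".//a:Audience", NS)}
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    if assertion.find("a:Subject/a:NameID", NS) is None:
        problems.append("no NameID (saml_subject mapping)")
    names = {e.get("Name") for e in assertion.iterfind(".//a:Attribute", NS)}
    problems += ["missing attribute " + n for n in sorted(EXPECTED_ATTRS - names)]
    return problems

def sample_response(acs_url, alg=RSA_SHA256, audience=ENTITY_ID, drop=()):
    """Constructed response for illustration; every value in it is made up."""
    attrs = "".join(
        f'<a:Attribute Name="{n}"><a:AttributeValue>x</a:AttributeValue></a:Attribute>'
        for n in sorted(EXPECTED_ATTRS) if n not in drop)
    return (
        f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}"'
        f' Destination="{acs_url}"><a:Assertion><ds:Signature><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>'
        f'<a:Subject><a:NameID>constructed-user-id</a:NameID></a:Subject>'
        f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
        f'</a:AudienceRestriction></a:Conditions>'
        f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')

if __name__ == "__main__":
    acs = "https://uvx.example.com:8443/auth/saml-signin-callback"  # constructed host/port
    print(lint_response(sample_response(acs, drop=(CLAIMS + "surname",)), acs))
```

An empty list means the response matches the configuration described in this article; each string in a non-empty list names the setting to revisit in the Ping Identity console.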
