PingFederate (en)

Preparation

To use PingFederate you must have:

• Ping account,"My Ping" type.

Raketa provides you:

• ACS URL in the following format: https://raketa.travel/sso/acs?clientId=RAKETA_CLIENT_ID, where RAKETA_CLIENT_ID - client id in Raketa.
• SLO Endpoint in the following format: https://raketa.travel/sso/slo?clientId=RAKETA_CLIENT_ID, where RAKETA_CLIENT_ID - client id in Raketa.

• Entity ID in the following format: https://raketa.travel - service provider object identifier.

After all the necessary settings you should provide to Raketa:

• X509 REM.crt - auto-generated certificate file.
  
• Issuer ID - Ping identifier.
  
• Single Signon Service - your authorization web-page URL, which we will use to redirect users to your authentication system.
  
• Single Logout Service - your web-page URL, which we will use to redirect users after the logout.
  

Application configuration

1. Log in to the Ping website: https://www.pingidentity.com/en.html, select "My Ping" account type. 
   
   
2. Go to the "Administrators" space.
   
   
   
3. Use the side menu to go to the "Connections" section, 
   
   
   
4. When you go to "Connections" section, the subsection "Applications" [1] will automatically open. Clicking the "+ Add Application" button [2] to add a new application.
   
   
   
5. On the next screen, select "Web App" application type.
   
   
   
6. Next, select "SAML" connection type and click the "Configure" button to go to the configuration.
   
   
   
7. Create App Profile: specify the application name [1] and click the "Next" button [2] to go to the next step.
   
   
   
8. Configure SAML connection between your app and Ping:
   1. specify the ACS URL [1] provided by Raketa: https://raketa.travel/sso/acs?clientId=RAKETA_CLIENT_ID
   2. click the "Download Signing Certificate" button [2] to download the certificate file, select "X509 REM" format [3].
      
      
      
9. On the same screen, specify other data provided by Raketa:
   
   1. Entity ID [1]: https://raketa.travel
   2. SLO Endpoint [2]: https://raketa.travel/sso/slo?clientId=RAKETA_CLIENT_ID
      
   3. Assertion Validity Duration (in seconds) [3].
      Click the "Save and Continue" button to save the changes.
      
      
      

10. Map the attributes that link your application profiles to Ping profiles. For matching by emails, select "Email Address" PingOne User Attribute [1].
    Сlicking the "Save and Close" button [2] to save changes and complete the settings.

    
    
    
11. Enable access to the created application using the toggle [1].
    Provide auto-generated data [2] from the "Configuration" tab to Raketa:
    
    1. Issuer ID,
    2. Single Logout Service,
    3. Single Signon Service,
    4. and also, the certificate from step 8.b.