SSO Login via SAML (Ping federator as my identity provider, Drupal as SP)

0
votes

I am implementing SSO login via SAML (using Ping Federator as Idp, Drupal as Service Provider). In Idp initiated login, how does IDP knows to which service provider it should send SAML response?

2
single-sign-onpingsimplesamlphp
Are you asking how you should provide that data to it, or how the software itself works?Joshua Drake
In my organization we have four planets (QA, DEV, PROD, OPS), each planet has its own developer portal (Drupal). I just want to know how does IDP (Ping) knows to which SP it should send saml respone. (I want to clarify this before implementing SSO).kalyan

2 Answers

0
votes

That is implementation dependent but PingFederate would use a partnerSpId parameter to the IDP-init-SSO /idp/startSSO.ping endpoint documented at: https://documentation.pingidentity.com/pingfederate/pf84/index.shtml#concept_idpEndpoints.html

0
votes

From my understanding of the question it sounds like you're asking about EntityId. Every connection (whether a IDP or SP) has an EntityId associated with it. The way any IDP tells which SP is connected to it is through the PartnerEntityId, setup through the connection inside PingFederate.