Configuring Ping Identity SAML Single Sign-On to 0patch Central

mitja.kolsek -

If your organization uses Ping Identity, this guide will help you create an App integration for 0patch Central using SAML 2.0.

After the App integration is successfully created, your users will be able to use one-click access to 0patch Central from their Ping Identity Application Portal.

 

Creating an App integration for 0patch Central

  1. Make sure to have users created in 0patch Central, and that they're active (not just invited).
  2. Log in to 0patch Central and under ACCOUNT -> SINGLE SIGN-ON, enable SAML. Keep the page open so you'll be able to copy data from/to Ping Identity.
  3. In another browser tab, log into Ping Identity as administrator.
  4. In the Admin Console, go to Applications > Applications.
  5. Click "+" to add a new application.
  6. Name the application "0patch Central"
  7. Select "SAML Application" as Application Type.
  8. Click "Configure".
  9. Under "SAML Configuration", select "Manually Enter".
  10. For "ACS URLs", copy the value "SAML Assertion Consumer Service URL" from 0patch Central
  11. For "ENTITY ID", copy the value "Audience" from 0patch Central
  12. Click "Save". The new application is now created. Keep its page open.
  13. Open the application's "Configuration" tab.
  14. Copy the value "Initiate Single Sign-On URL" from Ping Identity to "SAML SSO link" in 0patch Central.
  15. Copy the value "Issuer ID" from Ping Identity to "Entity ID / Issuer link" in 0patch Central.
  16. Click "Download Signing Certificate", then select "X509 PEM (.crt)" and download the certificate to your computer.
  17. Open the downloaded certificate in a text editor, copy the entire content and paste it to "SAML SSO certificate" field in 0patch Central.
  18. Save SAML configuration in 0patch Central.
  19. In Ping Identity, open the application's "Attribute Mappings" tab.
  20. Edit attribute mappings by clicking the blue pen icon.
  21. For the "saml_subject" attribute, click the "Advanced Expression" (grey cogs) icon to open the Expression editor.
  22. Enter the following expression and click "Save" to save the expression:
    user.emailVerified?user.email:"[unverified email]"
    (Important: this expression makes sure that users can't change their own email address to another user's and login as them without being able to verify such address).
  23. Click "Save" to save attribute mappings.
  24. Make sure the new application is enabled (big blue/gray switch next to its name).
  25. If you don’t have Ping Identity users with emails corresponding to 0patch users, create them.
  26. Users should now have the 0patch Central application on their Ping Identity Application Portal and should be able to login to 0patch Central by clicking on it.
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.