PingFederate with SafeConsole
Compatible Software Versions:
SafeConsole Server 5.2.2+
PingFederate for SafeConsole allows users move between services securely and uninterrupted without specifying their credentials each time. SSO effectively joins these individual services into portals and removes the service boundaries - switching from one application to the next appears seamless to the user.
The users credentials are provided directly to the central PingFederate SSO server, not the actual service that the user is trying to access, and therefore the credentials cannot be cached by the service. The central authentication point – the SSO service – limits the possibility of phishing.
SafeConsole requires an SP connection to be setup within PingFederate.
You can upload (located at the bottom of this article) the SP-pingfederate-connection.xml file to your Pingfederate server and make the appropriate changes for integration. The changes that will need to be made within your server can be found below:
1. SSO Application Endpoint - You will need to change the URL to match your server
2. Assertion Consumer and SLO Service URL - You will need to change the URL to match your server
3. Change the LDAP settings to match your AD server settings if integrating with Active Directory. The DataStore and the Base DN will need to be changed to match your environment.
Once you have the SP connection set and your LDAP settings correct, you will need to import the Metadata into SafeConsole.
Note: When using SSO please ensure that "Enable Custom Role-Based Security System" is checked in the "Admins" tab on your SafeConsole server. When adding users to roles be sure to match role names exactly as spelled as they are case-sensitive.