Configuring Ping Identity SAML Authentication
Created by: Ken Rodham
Modified on: Thu, 25 May, 2023 at 7:39 PM
This article describes how to configure UVexplorer Server to use Ping Identity SAML authentication.
Create and Configure the UVexplorer Server Application in Ping Identity
Log in to the Ping Identity console
Click on "Connections" in the left-side navigation bar
Click on "Applications" in the list of options under "Connections"
Click on the "+" button (top-left corner) to create a new application
For the "Application Name" enter "UVexplorer Server"
For the "Application Type" select "SAML Application"
Click the "Configure" button
Select the "Manually Enter" option
In the "ACS URLs" field enter https://HOST:PORT/auth/saml-signin-callback . Replace "HOST" with the domain name of the machine running your server, and replace "PORT" with the TCP port number your server is using.
Click the "Save" button to create the application
Select the "Configuration" tab
Copy and paste the "Issuer ID", "Single Logout Service", and "Single Signon Service" values into a text file so you can later copy and paste them into UVexplorer Server's web console.
Click the "Edit" (pencil) button in the top-right corner
The "ACS URLs" field should already be filled in
Leave the "Signing Key" field with its default value. Click the "Download Signing Certificate" button and select the "X509 PEM (.crt)" format. This will download the signing certificate file. You will need this file later when configuring SAML within UVexplorer Server's web console.
Select the "Sign Assertion" option
In the "Signing Algorithm" field select "RSA_SHA256"
Leave the "Enable Encryption" option unchecked
The "Entity ID" field should already be filled in
In the "SLO Endpoint" field enter https://HOST:PORT/auth/saml-logout . Again, replace "HOST" and "PORT" with the appropriate values.
In the "SLO Response Endpoint" field enter https://HOST:PORT/auth/saml-logout . Again, replace "HOST" and "PORT" with the appropriate values.
In the "SLO Binding" field select "HTTP Redirect"
Leave the remaining fields with their default values
Click the "Save" button
Select the "Attribute Mappings" tab
Click the "Edit" (pencil) button in the top-right corner
Configure SAML Integration in UVexplorer Server
Log in to the UVexplorer Server web console using an administrator account
Click on the "Admin" link (top-left corner)
Select the "Authentication Settings" tab
Check the "Enable SAML Single Sign-On" checkbox
In the "SAML Provider Identifier" field, paste the "Issuer ID" value that you copied from the Ping Identity console
In the "SAML Provider Login URL" field, paste the "Single Signon Service" value that you copied from the Ping Identity console
In the "SAML Provider Logout URL" field, paste the "Single Logout Service" value that you copied from the Ping Identity console
In the "SAML Provider Signing Certificate" field, paste the contents of the signing certificate file you downloaded from the Ping Identity console
Click the "Save SAML SSO Settings" button to save your settings
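Before pasting the signing certificate, it is worth confirming that the file downloaded from the Ping Identity console is a single, parseable X.509 certificate that is not about to expire, and recording its SHA-256 fingerprint so that a later change of signing key is noticed. The shell check below is an added example, not part of UVexplorer Server or Ping Identity. It assumes the openssl command-line tool is installed; the function names check_idp_cert and make_sample_cert and the 30-day threshold are illustrative choices.

```shell
#!/bin/sh
# Added example: sanity-check an IdP signing certificate file (X509 PEM).
# Assumes the openssl CLI; function names and threshold are illustrative.

# check_idp_cert FILE [MIN_DAYS]  -> returns 0 if the file passes all checks
check_idp_cert() {
    cert_file=$1
    min_days=${2:-30}

    if [ ! -r "$cert_file" ]; then
        echo "FAIL: cannot read $cert_file" >&2
        return 1
    fi
    # The settings field takes one certificate, not a chain or bundle.
    n=$(grep -c 'BEGIN CERTIFICATE' "$cert_file" || true)
    if [ "$n" != 1 ]; then
        echo "FAIL: expected 1 certificate block, found $n" >&2
        return 1
    fi
    # Reject truncated or corrupted downloads.
    if ! openssl x509 -in "$cert_file" -noout >/dev/null 2>&1; then
        echo "FAIL: not a parseable X.509 PEM certificate" >&2
        return 1
    fi
    # Flag certificates that are expired or close to expiry,
    # so that rotation can be planned before sign-in is affected.
    if ! openssl x509 -in "$cert_file" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2
        return 1
    fi
    # Print the values worth recording next to the SAML settings.
    openssl x509 -in "$cert_file" -noout -subject -enddate -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed certificate,
# used only to exercise the check without a real IdP certificate.
# make_sample_cert OUTFILE DAYS
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=constructed-sample-idp" -days "$2" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Typical use (path is a placeholder for the downloaded .crt file):
#   check_idp_cert /path/to/downloaded-signing-certificate.crt
```

Keep the printed fingerprint with your change records; if the certificate is ever re-downloaded, a different fingerprint means the signing key has changed.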
Add Ping Identity Users to the UVexplorer Server Application
Log in to the Ping Identity console
Click on "Connections" in the left-side navigation bar
Click on "Applications" in the options listed under "Connections"
Select the "UVexplorer Server" application
Select the "Access" tab on the right side
Click the "Edit" (pencil) button
Add all user groups that should have access to the UVexplorer Server application
Click the "Save" button
In the left-side navigation bar, click on "Identities"
Click on "Users" in the options listed under "Identities"
For each user that can access the application, click on the user to display their profile. Select the "API" tab to access the user's unique "ID". Copy the value in their "ID" field to a text file. These user IDs will be needed later to create corresponding user accounts within UVexplorer Server.
Create a UVexplorer Server User Account For Each Ping Identity User
Log in to the UVexplorer Server web console using an administrator account
Click on the "Admin" link (top-left corner)
Click on the "Manage Users" tab
For each Ping Identity user with access to UVexplorer Server, do the following:
In the drop-down menu next to the "Create User" button (top-left corner), select "SAML User"
In the "Username" field enter the Ping Identity "ID" for the corresponding Ping Identity user (you should have copied these to a text file in the previous section). Alternatively, you may use the Ping Identity user's username or email address as the "Username" for their UVexplorer Server account.
Enter the user's "First Name", "Last Name", and "Email Address"
Select the appropriate "User Type"
Optionally, select the groups the new user should be a member of
Click the "OK" button to create the new user account
Ping Identity users should now be able to log in to the UVexplorer Server web console. When logging in, they should select the "SAML Single Sign-On" authentication type and click the "Login" button. This should take them through the Ping Identity login process, including multi-factor authentication if that is enabled in Ping Identity. After logging in successfully, the user should be redirected back to the UVexplorer Server web console.
Ken is the author of this solution article.