PingFederate Overview
This document introduces how to configure PingFederate to enable secure outbound and inbound solutions for single sign-on (SSO) to Talend Administration Center.
PingFederate provides browser-based SSO to enable secure identity information exchange across domains. It extends employee, customer, and partner identities without passwords, using only standard identity protocols such as SAML 2.0.
Note that SSO is only supported for Talend Administration Center. Talend Studio itself does not support SSO, although it works by passing credentials through Talend Administration Center. Talend only supports the HTTP Basic and HTML Form adapters. Other adapters are not supported.
For more information on system requirements and getting started with PingFederate, refer to the PingFederate documentation.
Creating Certificates in PingFederate
Before you begin
You must have an administrator PingFederate account configured.
Procedure
Exporting certificates to Talend Administration Center
About this task
Procedure
Importing a Certificate for Signing
Creating a Credential Validator
Creating Adapters
Procedure
- Go to the Identity Provider tab.
- Under Application Integration, click Adapters.
- Click Create New Instance and create the adapters you need as detailed below.
- Click Save.
Creating an HTML Form IdP Adapter
Creating an HTTP Basic IdP Adapter
Creating SP Connections
Configuring Browser SSO
Configuring Assertions
Mapping HTML Form IdP Adapter Instance
Mapping HTTP Basic IdP Adapter Instance
Procedure
What to do next
You must map the HTML Form IdP Adapter as well. For instructions, see Mapping HTML Form IdP Adapter Instance.
If the HTML Form IdP Adapter instance is already mapped, continue the procedure in Configuring Assertions.
Configuring Protocol Settings
Procedure
- On the SP Connection | Browser SSO | Protocol Settings page, navigate to the Assertion Consumer Service URL tab.
- Tick the Default check box.
- From the Binding drop-down list, select POST.
- In the Endpoint URL field, enter the Talend Administration Center SSO address. This URL should read like https://iam.<env>.cloud.talend.com/oidc/ssologin, where <env> is the name of your Cloud region, for example:
- Click Add, then Next.
- On the Signature Policy tab, leave the check box empty and click Next.
- On the Encryption Policy tab, leave the default option selected (None) and click Next.
- Verify the information on the Summary tab, then click Done.
Configuring Credentials
Procedure
- On the SP Connection | Credentials page, navigate to the Digital Signature Settings tab.
- From the Signing Certificate drop-down list, select the certificate imported in Importing a Certificate for Signing.
- Tick the Include the certificate in the signature <keyinfo> element. check box.
- Tick the Include the raw key in the signature <keyvalue> element. check box, then click Next.
- Verify the information on the Summary tab, then click Done.
Exporting Metadata
Procedure
- Go to the System tab.
- Under METADATA, click Metadata Export.
- On the Metadata Mode tab, leave the default selection and click Next.
- On the Connection Metadata tab, select the connection created in Creating SP Connections and click Next.
- From the Signing Certificate drop-down list, select the certificate imported in Importing a Certificate for Signing.
- Tick the Include the certificate in the signature <keyinfo> element. check box.
- Tick the Include the raw key in the signature <keyvalue> element. check box, then click Next.
- Verify the information on the Export & Summary tab, then click Export.
- Save the exported metadata file, then click Done.