When you configure AppScan Enterprise with the PingFederate service, you must add the
associated Single Sign-On URL, Issuer URL, and Token certificate to the SAML properties.
Before you begin
- You must be an AppScan Enterprise administrator to configure the PingFederate Identity Provider (IdP).
- Your account must have the administrative access privilege to the PingFederate application.
- You must have configured PingFederate as the IdP for SAML in AppScan Enterprise. See Enabling SAML Service Provider.
About this task
When you configure an IdP with an SP, the IdP generates unique entity URLs that your
SP identifies during SAML assertion. Each of these entity URLs contains information about the IdP
properties, which the SP identifies and validates upon receiving a user authentication request from the
IdP during SAML assertion. You must enter these entity URL values in the SAML properties file to
enable the SAML identification process.
This section explains how to update the SAML properties with
the PingFederate custom properties and the SAML Token signer certificate.
Procedure
- Open the PingFederate application page by using the PingFederate URL in a browser.
  The PingFederate login page is displayed.
- Log in to the PingFederate account as an administrator.
  The PingFederate Dashboard page is displayed.
- Click the CONNECTIONS menu.
  The AppScan Enterprise application you have configured is displayed on the Connections
  page under the Applications section.
- Click the AppScan Enterprise application.
  For example: ASE-SSO.
  The AppScan Enterprise application configuration page is displayed.
- Click the Configuration tab.
  The following metadata that PingFederate generated for the SAML-SSO properties is displayed:
  - Issuer ID
  - Initiate Single Sign On URL
  - X.509 Certificate (For Download)
- Click Download.
  The certificate is downloaded in an XML format.
- Open the certificate XML file and copy the certificate data.
  Note: Before you copy the certificate data, you must convert the X.509 Certificate data into a
  single line string format.
- Copy the metadata values corresponding to each of these properties to a notepad.
- Go to the server where you have installed the AppScan Enterprise application.
- Navigate to the configuration files folder in the installation directory where the AppScan
  Enterprise software package is installed. For example: <installation directory>\AppScan Enterprise\Liberty\usr\servers\ase\config.
- Locate the SAML configuration properties file, onelogin.saml.properties, and open it in a text editor.
- You must update the following custom properties in the SAML configuration properties file,
  onelogin.saml.properties, with the metadata values you have noted.
| SAML Property | Property values to update |
|---|---|
| onelogin.saml2.idp.single_sign_on_service.url | Update the <Initiate Single Sign On URL> value. |
| onelogin.saml2.idp.entityid | Update the <ISSUER ID> value. |
| onelogin.saml2.idp.x509cert | Update the single line string value of the X.509 certificate, which you have noted. |
| onelogin.saml2.sp.assertion_consumer_service.url | Update this value with the value of <ASE url>/api/saml. |
| onelogin.saml2.sp.entityid | Update this value with the value of <ASE url>/api/metadata.jsp. |
- After updating the onelogin.saml.properties file, save and close the file.
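The single-line certificate note and the IdP rows of the property table, as an added Python example that is not part of the product documentation: it assumes the downloaded XML carries the certificate in an `X509Certificate` element (as SAML metadata does), strips the line breaks, checks that the value decodes, and prints a SHA-256 fingerprint you can compare with the IdP's copy of the certificate before pasting the lines into onelogin.saml.properties. The sample bytes, URL and issuer value are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

def extract_cert_single_line(metadata_xml: str) -> str:
    """Return the first X509Certificate value as one whitespace-free base64 line."""
    for elem in ET.fromstring(metadata_xml).iter():
        # Compare the local name so any namespace prefix (ds: or none) matches.
        if elem.tag.rsplit("}", 1)[-1] == "X509Certificate" and elem.text:
            one_line = "".join(elem.text.split())
            der = base64.b64decode(one_line, validate=True)  # rejects non-base64 characters
            if der[:1] != b"\x30":  # DER certificates begin with an ASN.1 SEQUENCE tag
                raise ValueError("decoded data does not look like a DER certificate")
            return one_line
    raise ValueError("no X509Certificate element found")

def sha256_fingerprint(cert_b64: str) -> str:
    """Colon-separated SHA-256 of the DER bytes, for comparison with the IdP's copy."""
    digest = hashlib.sha256(base64.b64decode(cert_b64)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def idp_properties(sso_url: str, issuer_id: str, cert_b64: str) -> str:
    """Render the three IdP lines named in the table for onelogin.saml.properties."""
    return "\n".join([
        f"onelogin.saml2.idp.single_sign_on_service.url={sso_url}",
        f"onelogin.saml2.idp.entityid={issuer_id}",
        f"onelogin.saml2.idp.x509cert={cert_b64}",
    ])

# Constructed sample: placeholder bytes with a DER-style header, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_XML = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
    ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">'
    "<IDPSSODescriptor><KeyDescriptor use=\"signing\"><ds:KeyInfo><ds:X509Data>"
    "<ds:X509Certificate>\n" + base64.encodebytes(SAMPLE_DER).decode() +
    "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>"
    "</IDPSSODescriptor></EntityDescriptor>"
)

if __name__ == "__main__":
    cert = extract_cert_single_line(SAMPLE_XML)
    print("SHA-256:", sha256_fingerprint(cert))
    # Hypothetical URL and issuer values; use the ones shown on the Configuration tab.
    print(idp_properties("https://idp.example.test/sso", "https://idp.example.test", cert))
```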
Results
The PingFederate Token certificate and SAML properties are updated in the SAML properties
file.
What to do next
You must now assign users in PingFederate and provide SSO login access to the AppScan
Enterprise application service provider.