Updating PingFederate Token certificate and Custom properties for SAML

When you configure AppScan Enterprise with the PingFederate service, you must add the associated Single Sign-On URL, Issuer ID and Token certificate to the SAML properties.

Before you begin

  • You must be an AppScan Enterprise administrator to configure the PingFederate Identity Provider (IdP).
  • Your account must have the administrative access privilege to the PingFederate application.
  • You must have configured PingFederate as the IdP for SAML in AppScan Enterprise. See Enabling SAML Service Provider.

About this task

When you configure an IdP with an SP, the IdP generates unique entity URLs that your SP identifies during the SAML assertion. Each of these entity URLs contains information about the IdP properties, which the SP identifies and validates when it receives a user authentication request from the IdP during the SAML assertion. You must enter these entity URL values in the SAML properties file to enable the SAML identification process.

This section explains how to update the SAML properties with the PingFederate custom properties and the SAML Token signer certificate.

Procedure

  1. Open the PingFederate application page by using the PingFederate URL in a browser.
    The PingFederate login page is displayed.
  2. Log in to the PingFederate account as an administrator.
    The PingFederate Dashboard page is displayed.
  3. Click the CONNECTIONS menu.
    The AppScan Enterprise application that you configured is displayed on the Connections page under the Applications section.
  4. Click AppScan Enterprise application.
    For example: ASE-SSO.
    The AppScan Enterprise application configuration page is displayed.
  5. Click the Configuration tab.
    The following metadata that PingFederate generated for the SAML-SSO properties is displayed:
    • Issuer ID
    • Initiate Single Sign On URL
    • X.509 Certificate (For Download)
  6. Click Download.
    The certificate is downloaded in an XML format.
  7. Open the certificate XML file and copy the certificate data.
    Note: Before you copy the certificate data, you must convert the X.509 certificate data into single-line string format.
    Tip: You can use the https://www.samltool.com/format_x509cert.php tool to convert certificate data into different formats, such as single-line string format.
  8. Copy all these metadata values corresponding to each of these properties to a notepad.
  9. Go to the server where you have installed the AppScan Enterprise application.
  10. Navigate to the configuration files folder in the installation directory where the AppScan Enterprise software package is installed. For example: <installation directory>\AppScan Enterprise\Liberty\usr\servers\ase\config.
  11. Locate the SAML configuration properties file, onelogin.saml.properties, and open it in a text editor.
  12. Update the following custom properties in the SAML configuration properties file, onelogin.saml.properties, with the metadata values that you noted.
    SAML Property                                       Property value to update
    onelogin.saml2.idp.single_sign_on_service.url       Update the <Initiate Single Sign On URL> value.
    onelogin.saml2.idp.entityid                         Update the <ISSUER ID> value.
    onelogin.saml2.idp.x509cert                         Update the single-line string value of the X.509 certificate that you noted.
    onelogin.saml2.sp.assertion_consumer_service.url    Update this value with <ASE url>/api/saml.
    onelogin.saml2.sp.entityid                          Update this value with <ASE url>/api/metadata.jsp.
  13. After updating the onelogin.saml.properties file, save and close the file.
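A helper that performs steps 7 and 12 programmatically, added here as an example and not part of this documentation or of the AppScan Enterprise product: it extracts the certificate from the downloaded metadata XML (or from a PEM file), converts it to the single-line string, and rewrites the five properties from the table while leaving every other line of the file untouched. The example.com host names, the sample metadata XML and the sample properties file are constructed for illustration.

```python
# Added example (not from the AppScan Enterprise or PingFederate documentation): puts
# the downloaded certificate on one line and rewrites only the five table keys.
import base64
import re

# Constructed sample of the downloaded IdP metadata XML (certificate element only).
SAMPLE_IDP_XML = """<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
MIIBsampleLINE1A
MIIBsampleLINE2B
</ds:X509Certificate>"""

# Constructed sample of onelogin.saml.properties; sp.entityid is deliberately absent.
SAMPLE_PROPERTIES = """# onelogin.saml.properties (constructed sample)
onelogin.saml2.strict = true
onelogin.saml2.idp.entityid = REPLACE_ME
onelogin.saml2.idp.single_sign_on_service.url = REPLACE_ME
onelogin.saml2.idp.x509cert =
onelogin.saml2.sp.assertion_consumer_service.url = REPLACE_ME
"""

def cert_to_single_line(cert_text: str) -> str:
    """Accept metadata XML or PEM; return the bare base64 body on one line."""
    m = re.search(r"<(?:\w+:)?X509Certificate[^>]*>(.*?)</(?:\w+:)?X509Certificate>",
                  cert_text, re.DOTALL)
    body = m.group(1) if m else cert_text
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", body)
    body = re.sub(r"\s+", "", body)
    base64.b64decode(body, validate=True)  # rejects leftover headers or stray text
    return body

def build_updates(sso_url: str, issuer_id: str, cert_text: str, ase_url: str) -> dict:
    # Map each property in the table to the value it must receive.
    ase = ase_url.rstrip("/")
    return {
        "onelogin.saml2.idp.single_sign_on_service.url": sso_url,
        "onelogin.saml2.idp.entityid": issuer_id,
        "onelogin.saml2.idp.x509cert": cert_to_single_line(cert_text),
        "onelogin.saml2.sp.assertion_consumer_service.url": ase + "/api/saml",
        "onelogin.saml2.sp.entityid": ase + "/api/metadata.jsp",
    }

def update_properties(text: str, updates: dict) -> str:
    # Replace matching key lines in place; append any key the file lacks.
    out, seen = [], set()
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s]+)", line)
        key = m.group(1) if m else None
        out.append(f"{key} = {updates[key]}" if key in updates else line)
        seen.add(key)
    out += [f"{k} = {v}" for k, v in updates.items() if k not in seen]
    return "\n".join(out) + "\n"
```

Run it against a copy of onelogin.saml.properties first and diff the result before replacing the file on the AppScan Enterprise server.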

Results

The PingFederate Token certificate and SAML properties are updated in the SAML properties file.

What to do next

You must now assign users in PingFederate and provide SSO login access to the AppScan Enterprise application service provider.