
I need to integrate PingFederate with Salesforce using SP-initiated SSO.

My aim is that users in Active Directory will be automatically logged in when they access the Salesforce Application URL. I have created the SP connection to Salesforce in PingFederate and uploaded the PingFederate Certificate in Salesforce. In Salesforce I have set the IdP Issuer Entity ID to match the one in PingFederate.

For SP-initiated SSO, which URL do I need to give the browser to test if this setup is working correctly?

Scott T.
user1537056

1 Answer

I believe SFDC requires you to establish who your IDP is via Unsolicited SSO (IDP-Init) before SP-Init is automatically triggered when you attempt to access an SFDC-protected page. Once IDP-Init SSO is completed successfully, SFDC sets your last known IDP as a persistent cookie in your browser.

IDP-Init is pretty simple to do in PF. Just ensure that IDP-Init and SP-Init SSO are enabled in your SP Connection. After that, when you look at the SP Connection Summary page, you should then see a "Connection URL" that looks like -- "https://pingfederateserver.com/idp/startSSO.ping?PartnerSpId=

Give it a shot - if it doesn't work the Ping Support team can quickly help.

HTH - Ian

Ian
    Minor correction: SFDC no longer relies on a cookie if you use the My Domain feature. See: http://stackoverflow.com/a/8809290/636982 – Scott T. Jul 20 '12 at 16:13