Aware 2.0- PingFederate SAML 2.0

This article contains information on configuring PingFederate SAML 2.0 with Aware, including required customer-provided details, step-by-step setup instructions, and guidelines for completing the SSO integration.

To configure PingFederate SAML 2.0 with Aware, you will need to provide the following information in order to complete the SSO integration.

• Identity Provider Single Sign-On URL
• X.509 Certificate

Follow the instructions below to complete the steps for integrating Aware into the customer's PingFederate environment:

Identity Provider Single Sign-On URL and X.509 Certificate information will be generated at the end of this instruction.

1. Log in into your PingFederate Identity Provider Admin View

2. Go to SP Connection | Create New
3. Connection Template: DO NOT USE A TEMPLATE FOR THIS CONNECTION

4. Connection Type: BROWSER SSO PROFILES | PROTOCOL SAML 2.0

5. Connection Options: BROWSER SSO

6. Import Metadata: METADATA: NONE

General Information:

• Single sign on URL: https://wiretap-prod.auth0.com/login/callback?connection=YOUR_DOMAIN_NAME
• PARTNER'S ENTITY ID (CONNECTION ID): urn:auth0:wiretap-prod:YOUR_DOMAIN_NAME
• CONNECTION NAME: Aware
• BASE URL: https://wiretap-prod.auth0.com
• COMPANY: Aware
• LOGGING MODE: STANDARD

7. Browser SSO: Configure Browser SSO

8. Browser SSO > SAML Profiles: SP-INITIATED SSO | SP-INITIATED SLO

9. Browser SSO > Assertion Lifetime: MINUTES BEFORE: 5 | MINUTES AFTER: 5

10. Browser SSO > Assertion Creation: Configure Assertion Creation

11. Browser SSO > Assertion Creation > Identity Mapping: STANDARD: send the AP a known attribute values as the name identifier. The SP will often use account mapping to identify the user locally.

12. Browser SSO > Assertion Creation > Attribute Contract:

• SAML_SUBJECT: urn:oasis:names:tc:SAML:11:nameid-format:unspecified
• Extend the Contract: urn:oasis:names:tc:SAML:2.0:attrname-format:basic

13. Browser SSO > Assertion Creation > Authentication Source Mapping: