salesforce, single-sign-on, saml-2.0, pingfederate

Integrating PingFederate with Salesforce


I need to integrate PingFederate with Salesforce using SP-initiated SSO.

My aim is that users in Active Directory will be automatically logged in when they access the Salesforce Application URL. I have created the SP connection to Salesforce in PingFederate and uploaded the PingFederate Certificate in Salesforce. In Salesforce I have set the IdP Issuer Entity ID to match the one in PingFederate.

For SP-initiated SSO, which URL do I need to give the browser to test if this setup is working correctly?


Solution

  • I believe SFDC requires you to establish who your IDP is via Unsolicited SSO (IDP-Init) before SP-Init is automatically triggered when you attempt to access an SFDC-protected page. Once IDP-Init SSO is completed successfully, SFDC sets your last known IDP as a persistent cookie in your browser.

    IDP-Init is pretty simple to do in PF. Just ensure that IDP-Init and SP-Init SSO are enabled in your SP Connection. After that, when you look at the SP Connection Summary page, you should then see a "Connection URL" that looks like -- "https://pingfederateserver.com/idp/startSSO.ping?PartnerSpId=

    Give it a shot - if it doesn't work the Ping Support team can quickly help.

    HTH - Ian