I'm trying to understand the basic flow of an IdP-initiated SSO from a developer's point of view. I am also trying to trace this flow from the sample application provided together with the .NET Integration Kit.
Based on this link: http://documentation.pingidentity.com/display/PF610/OpenToken+Adapter+Configuration
- The PingFederate SP server parses the SAML assertion and passes the user attributes to the OpenToken SP Adapter. The Adapter encrypts the data internally and generates an OpenToken.
Question: How does the PingFederate server parse the SAML assertion? Do I have to code it from the SP server? Or will the set-up of the PingFederate server do the parsing?
What I know for now is that I need to develop the part that parses the OpenToken that is returned by the PingFederate server.
Found this video that provided answer to my questions. https://ping.force.com/Support/PingIdentityVideoLibrary?id=1011570451001
It turns out that no coding is needed for the PingFederate server, we just have to configure it both for the IdP and the SP side so that they can communicate.