Search code examples
javasamlpingfederate

PingFederate SAML basic setup

I could use some help with getting SSO using PingFederate (SAML) for a web app.

I have a web application that has password authentication and google SSO integration and I want to add support for SSO with PingIdentity as well. It's for an organization that has their own on-prem PingIdentity server.

I've downloaded the PingFederate server locally and ran the sample applications. They don't fully work as I need a license key, which was promised to be given within 24 hours, but that was more than 72 hours ago.

  1. Does anybody know who I can contact to get a license key or bypass this requirement or get a trial license key...?

Moreover, I'm kinda lost on how to implement an SP. I found this filter: https://github.com/salesforceidentity/java-saml-sp - which seems pretty straight forward, but designed for salesforce apps. Tried to break it down for my needs, but seems like too much work. On the other hand, PingIdentity's tutorial has examples of IdP and SP, but again felt like I need to reverse engineer their SP.

What I want is to use PingIdentity installed locally on my computer as IdP and get reference on how to write an SP that also runs on my computer, that performs redirection to the IdP to check if authenticated, otherwise, the user can authenticate to it - and the redirects the user back to my web application, providing only the email the user used.

All of the examples seems cumbersome and non seems to easily explain what I as a developer need to do to implement an SP (that isn't part of salesforce and other stuff).

  1. So, I'm just looking for any implemented example close to what I need.

I'm using Tomcat (and of course java) as my web application backend.

Thank you

Solution

  • First, PingFederate is commercial software, and asking on StackOverflow as to how to bypass licensing is extremely bad form.

    Second, while it's certainly good to use PingFederate as a reference implementation, none of the account teams will be in a hurry to get back to you knowing that all you want to do is get a license to use while you validate whatever code you're going to write. What's the rush? You're not going to buy the software... And while you may not like that answer, it's an honest one. If you wrote a solid piece of software, and someone asked you for a temporary key while they copied a portion of it, would you be in a rush to hand one to them? You can, however, send an email to [email protected] - use a business email (they won't send keys to common consumer addresses, like GMail, Yahoo, etc.), and see what happens.

    Third, there are a multitude of open-source toolkits for SAML. Everything from Spring to PicketLink will work on Tomcat. Google turns up a plethora of guides on configuring them both.