Introduction This procedure outlines the necessary steps to configure JFrog Artifactory for SAML Single Sign-On (SSO) using Ping Identity as the Identity Provider (IdP). Resolution 1. Navigate to the Applications tab in Pingone and create a new SAML application2. Let's set the Application Name to "Artifactory" and the Application Description can be anything you like. Click SAML Application and then click configure.
3. Let's click Manually Enter, then for ACS URLs, we want to follow this format. https://<servername>.jfrog.io/ui/api/v1/auth/saml/loginResponse/<display_name>
4. Once we click save, we should have an overview of the URLs and configurations we need to provide Artifactory. Once configured, let's enable the application; by default, it is not enabled. Then we need to keep note of or copy the following fields for artifactory, and download the X509 PEM.crt
5. Now let's go to Artifactory -> Administration -> Authentication -> SAML SSO -> create a new SAML SSO Application.
6. Let's set the display name to "pingone". Now copy over the Single Signon Service from Pingone -> SAML Login URL in artifactory | Single Logout Service from Pingone -> SAML Logout URL in artifactory| Issuer ID from Pingone -> SAML Service Provider in artifactory.
7. Now, let's open the X509PEM.crt we downloaded earlier with a text editor to copy the certificate over to artifactory. I used VSCode in my example.
8. From here onward, the SAML connection is ready to be saved, but if we want to apply some attribute mappings, we need to navigate back to Pingone and navigate to attribute mappings, and create two new attributes named "email" and "name". Once we create those mappings in Pingone we want to set the name of the attributes in artifactory to match
9. Now enable Auto Create Users and Allow Created Users Access to Profile Page, and save the SAML configuration.