How do I configure Artifactory SAML SSO with PingOne?

Kfir Avraham
2019-06-06 13:05

Subject
How to configure PingOne as SAML SSO provider in Artifactory?

Description
By following the below steps, it is possible to configure Artifactory with PingOne as an external identity provider

On PingOne side

  1. Add a New SAML Application and configure the Application configuration as the below
  2. Choose "I have SAML configuration"
  3. Download the SAML Metadata file
  4. In the field “Assertion Consumer Service (ACS)”, enter: https://<Artifactory-URL>/webapp/saml/loginResponse
  5. In the field “Entity ID”, enter the “entityID” value as in the downloaded SAML Metadata file (from #2)
  6. Choose the “Post” option for “Single Logout Binding Type
  7. Choose “Sign Assertion” for “Signing
  8. Choose “RSA_SHA256” for “Signing Algorithm
  9. Finish the configuration process
 
On Artifactory side
  1. Navigate in Artifactory UI to the Admin Tab → Security | SAML SSO
  2. In the “SAML Login URL”, enter the value of “SingleSignOnService Location” (from the downloaded SAML Metadata file) for example: 
    https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<idpid>
  3. In the “SAML Logout URL”, enter the value of “SingleLogoutService” (from the downloaded SAML Metadata file) for example:
    https://sso.connect.pingidentity.com/sso/SLO.saml2
  4. In the “SAML Service Provider Name”, enter the same “Entity ID” as mentioned above (from the PingOne configuration)
  5. For the “SAML Certificate”, download the “Signing Certificate” from the application setup from PingOne and copy it that field.