This article reviews the SAML SSO features MindTouch supports for PingOne.
Supported SAML SSO features for PingOne
MindTouch integrates with PingOne as a service provider (SP), trusting PingOne as its identity provider (IdP). The table below lists the standard SAML single sign-on (SSO) and single logout (SLO) scenarios and endpoints MindTouch supports for PingOne.
| Scenario or endpoint | Support |
|---|---|
| SP-initiated SAML 2.0 SSO | SP redirect request, IdP POST response |
| SP-initiated SAML 2.0 SLO | SP redirect request, IdP redirect response |
| IdP-initiated SAML 2.0 SSO | IdP POST request |
| IdP-broadcasted SAML 2.0 SLO | SP redirect request, IdP redirect response |
| SP metadata download | http://example.com/@app/saml/metadata |
| SP public X.509 certificate download | If available: |
| SP-IdP public X.509 certificate synchronization | IdP public X.509 certificate must be manually updated in the MindTouch SP (either by IdP metadata or certificate file) |
| SP-IdP message signing and verification | Required, MindTouch signs outgoing messages with SHA1 |
| IdP-SP message & assertion signing and verification | Required, SHA1 and SHA256 signatures are allowed |
| IdP-SP assertion encryption and decryption | -- |
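
To confirm which hash a given message actually declares, the signing rows above can be checked against captured traffic. The following is an added example, not MindTouch or PingOne code: it reads the `SigAlg` parameter of a redirect-binding message and the `ds:SignatureMethod`/`ds:DigestMethod` elements of a POST-binding message. The function names, the `idp.example.com` URL and the sample messages are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Standard XML-DSig algorithm URIs mapped to the hash they use.
HASH_BY_URI = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA256",
}
ALLOWED_FROM_IDP = {"SHA1", "SHA256"}  # per the table above

def redirect_sig_hash(url):
    """Hash declared by a signed HTTP-Redirect message (SigAlg parameter)."""
    params = parse_qs(urlsplit(url).query)
    if "Signature" not in params or "SigAlg" not in params:
        return None  # message is not signed
    return HASH_BY_URI.get(params["SigAlg"][0], "UNKNOWN")

def post_sig_hashes(saml_b64):
    """Hashes declared by every ds:Signature in an HTTP-POST message."""
    # Stdlib parser is for your own captures; use a hardened one on untrusted XML.
    root = ET.fromstring(base64.b64decode(saml_b64))
    found = set()
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter(DS + tag):
            found.add(HASH_BY_URI.get(el.get("Algorithm"), "UNKNOWN"))
    return found

def idp_hashes_allowed(saml_b64):
    """True if the message is signed and declares only allowed hashes.
    Checks declared algorithms only; it does not verify the signature."""
    hashes = post_sig_hashes(saml_b64)
    return bool(hashes) and hashes <= ALLOWED_FROM_IDP

# Constructed sample inputs (not captured traffic).
SAMPLE_REDIRECT = ("https://idp.example.com/sso?SAMLRequest=constructed&SigAlg="
                   "http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=c2ln")

def sample_response(sig_uri, digest_uri):
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{sig_uri}"/><ds:Reference>'
           f'<ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference>'
           '</ds:SignedInfo></ds:Signature></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Because SHA1 is accepted from the IdP, running `post_sig_hashes` over real PingOne responses shows whether the IdP connection is already on SHA256 or still relying on the weaker hash.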