
Configuring a PingFederate SAML Connection in DreamFactory

Written by Terence Bennett | April 22, 2021

All DreamFactory APIs are private by default, requiring at a minimum an API key for authentication. The API key is associated with role-based access control (RBAC), which determines what actions the client supplying the API key can perform against the API. OAuth 2.0 makes adding an authentication system to your app or web page considerably easier. Many different service providers support the OAuth 2.0 spec and, in turn, so does DreamFactory. Below are the OAuth services that DreamFactory supports natively.

Configuring Ping for use as an SSO service provider involves the following steps:

The Ping Application Configuration:

  1. Go to Applications.
  2. Click Add Application → New SAML Application.
  3. Fill in the required application details and continue to the next step.
  4. On the configure SAML Application page, provide the SAML configuration details for the application.
     ACS URL: Enter the URL of your DreamFactory instance followed by the word acs, so the URL will be something like: <abc.com/api/v2/pingapplicationname/acs>
  5. Set the Entity ID. I have set my instance URL as the ID. You can set it to anything you want.
  6. Set the Target Application URL as seen in the screenshot. The ?session_token=_token_ helps with the token exchange between Ping and DreamFactory.
  7. Once you set up your SAML app in Ping, you will see something like this:
  8. Click on the Download button under connection details to download the metadata file.
  9. And you are done! Let's finish the last leg of the setup.

DreamFactory Service Configuration

Step 1: Open your DreamFactory instance and sign in.

Step 2: Navigate to the Services tab and select SSO > SAML2.0 from the categories available in the dropdown.

Step 3: Configure the Info tab for your SAML service.

Step 4: Set up the configure tab as follows:

Relay State: In DreamFactory, set it to the instance URL or you can leave it blank.

IDP Entity ID: This is found in the Ping application, where it is labeled "Issuer ID".

IDP SSO Service URL: This is found in your Ping application, where it is labeled "INITIATE SINGLE SIGNON SERVICE".

IDP x509cert: Download the metadata file from your Ping application to reveal the certificate. Make sure you add the certificate wrapped in the PEM markers: -----BEGIN CERTIFICATE----- <certificate> -----END CERTIFICATE-----

That is it! The next time you visit the login page you will notice the Ping connector available as one of the ways to log in.
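The three IdP values above can also be read directly from the downloaded metadata file. The following Python sketch is an added example, not code from DreamFactory or Ping; it assumes the file is standard SAML 2.0 IdP metadata, and the function name, dictionary keys and sample metadata (example.com URLs, placeholder certificate bytes) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: example.com URLs and placeholder bytes, not a real certificate.
PLACEHOLDER_DER = b"constructed placeholder bytes, not a real X.509 certificate; " * 3
_B64 = base64.b64encode(PLACEHOLDER_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_B64[:40]}
      {_B64[40:]}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def dreamfactory_saml_fields(metadata_xml: str) -> dict:
    """Return values for the IDP Entity ID, IDP SSO Service URL and IDP x509cert fields."""
    if "<!DOCTYPE" in metadata_xml.upper():
        raise ValueError("refusing metadata that declares a DTD")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("not SAML IdP metadata")
    sso = idp.find("md:SingleSignOnService", NS)  # first listed binding
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None:  # a KeyDescriptor without "use" serves signing and encryption
        cert = idp.find(".//ds:X509Certificate", NS)
    if sso is None or cert is None:
        raise ValueError("metadata lacks an SSO endpoint or a certificate")
    b64 = "".join((cert.text or "").split())    # metadata may wrap or indent the base64
    der = base64.b64decode(b64, validate=True)  # raises on non-base64 content
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return {
        "idp_entity_id": root.get("entityID"),
        "idp_sso_service_url": sso.get("Location"),
        "idp_x509cert": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----",
        "cert_sha256": hashlib.sha256(der).hexdigest(),  # for out-of-band comparison
    }


if __name__ == "__main__":
    print(dreamfactory_saml_fields(SAMPLE_METADATA)["idp_x509cert"])
```

Compare the returned entity ID and SSO URL with the values shown in the Ping application, and confirm the certificate fingerprint through a separate channel before pasting the PEM into DreamFactory.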

