How to integrate PingFederate SSO with OvalEdge application

Introduction

This document outlines the process of integrating PingFederate SSO with the OvalEdge application.

Active Directory Integration

Configurations

Data store creation

1. Login to the PingFederate Application as shown below. Enter username and password.
   
   
   
2. After logging in to pingFederate, click on SYSTEM > Data Stores.
   
3. Click Data Stores.
   
4. Click Add New Data Store.
   
5. After clicking on Add new data store, enter the AD details as shown below.
   From the screenshot below,
   • NAME: In the name field, you can give any name.
   • TYPE: Select Directory (LDAP) for the drop-down list and click Next.
     
6. The page below will appear; enter the hostname(IP) of the AD server, and give userDN and password.
   
   
   

   
   Here,
   Hostname: Enter AD server hostname.

   UserDN= CN=Administrator,CN=Users,DC=<Domain component>,DC=<another Domain component like .net>

7. After adding details, click Next, review details, and click on save, as shown below.
   

PCV creation

1. Navigate to systems and click on password Credentials Validators as shown below.
   
2. Click on “Create New Instance” and enter the details as shown below.
   
   Instance Name and Instance ID: You can give any name.
   Type= Select LDAP username password credentials validator, and click Next.
3. After clicking on Next, you will see “Instance configuration” and add the details below as shown.
   
   

   LDAP Datastores is a datastore that we created in “Data store section”

   Search Base is the “Distinguished name”

   Search Filter give sAMAccountName=${username}

4. In Extended Contract, click on ADD and enter memberOf as shown in the screenshot below, and click Next.
   
5. Finally, in summary, review the details and click on Save. You will see the page below.
   

IDP adaptor Creation

1. Click on Authentication, navigate to the IDP adaptor, and click on New Instance creation, as shown below.
   
2. After clicking on Create New Instance, add the details as shown below and click on Next.
   
   

   Instance Name: You can give any name.

   Instance ID: You can give any name.

   TYPE: Select “HTML FORM IdP Adaptor.”

3. Add the data store details in the Adaptor tab and click Next as shown below.
   
   

   
   Note: After adding the data store(Active Directory), click on update.

4. In the extended contract tab, enter the details as shown below.
   
   In the highlighted screenshot below, add the Name, Email, firstName, and lastName parameters and click on next.
   
5. In the adaptor attribute section, give the highlighted details and click next.
   
6. In the next tab, Adaptor contract mapping, click on Configure Adaptor contract as shown below.
   
7. After clicking on configure Adaptor contract, you will see a page like this below; click on Add Attribute sources.
   
8. After clicking on the highlighted one above, you will see the page below, add the details, and click next.
   
   

   Attribute Source ID: You can give any name.

   Attribute Source Description: You can give anything.

   Active Data Store: Give the Active Directory, i.e., the one you created in the datastore section.

9. Add the details as shown in the next tab and click Next.
   
   
   Note: Make sure to add the above details.
10. Add the filter details as shown below and click Next.
    
    
    
    
    
11. Review the changes and click on Done. You will see the page below.
    
    
    This is a part of step 7.
12. Now, click on Adaptor contract fulfillment and add the details as shown below.
    
13. Now click Next, and you will see the page below.
    
14. Click Next and Done. You will see the page below.
    
15. Now again, click Next, review your changes, and click Save.
    

Entity ID creation

Configurations

1. Click on Systems and then Server, as shown below.
   
2. After clicking on the server, you will see the page below.
   
3. Enter the SAML 2.0 entity ID, i.e., we can provide any URL. As shown below, click on next, next, next, and save.
   

Ovaledge Application Integration

Configurations

SP creation

1. Click on Applications and then SP connections, as shown below.
   
2. Click on Create Connection.
   
3. After that, click on the check box, i.e., “Do not use a template for this connection” and click Next.
   
4. Now, in connection type, select Browser SSO and click Next as shown below.
   
5. In connection options, select browser SSO and click Next.
   
6. In the import metadata URL, select none and then click Next.
   
7. In the General info, enter the following details.
   

   Partners Entity ID: https://<IP Address or DNS>/saml/metadata

   Connection Name:  https://<IP Address or DNS>/saml/metadata

   Base URL: https://<IP Address or DNS>

   Note: Here, https://<IP Address or DNS> is an OvalEdge application URL.
   
   
8. After clicking Next, you will see the page below. Click on browser SSO.
   
9. After that, select the highlighted checkbox below and click Next.
   

   IDP-INITIADED SSO

   SP-INITIATED SSO
   

10. In Assertion-Lifetime, just click Next.
    
11. In the Assertion creation page, click on configure assertions creation as shown below.
    
12. After clicking on Configure Assertion Creation, you will see the page below. Select the standard checkbox and click Next.
    
13. Enter/create the attribute and click Next as shown below.
    
14. After clicking on the next page, the following will appear: click on “Map New adaptor” instances.
    
15. After clicking on “Map New Adaptor instance,” the following page will appear. In the drop-down list, select the Adaptor Name that we created in the Adaptor instance creation section.
    
16. After clicking Next, click on the checkbox and click Next.
    
17. In “Attribute contract fulfillment,” configure details below and click Next.
    
    For roles, add expressions, and in values, add the below content.
    
    

    #groupCnOnly = new java.util.ArrayList(),

    #groups = #this.get("roles")!=null ? #this.get("roles").getValues() : {},
    #groups.{   

      #group = #this,   

      #group = new javax.naming.ldap.LdapName(#group),   

      #cn = #group.getRdn(#group.size() - 1).getValue().toString(), 

      #groupCnOnly.add(#cn)

    },

    #this.get("roles")!=null ? new org.sourceid.saml20.adapter.attribute.AttributeValue(#groupCnOnly) : null

18. In the Issuance Criteria, just click Next.
    
19. After clicking Next, review the summary page and click on Done.
    
20. After that, click on Next, review the Assertion creation, and click on Done. You will navigate to the page below. Click Next.
    
21. After clicking Next, you will navigate to the Protocol setting page, as shown below.
    
22. Click on Configure protocol settings, give the following details, and click on Add and then Next.
    

    Endpoint URL:  https://<IP Address or DNS>/saml/SSO

    Here https://<IP Address or DNS> is the OVAledge application URL
    

23. Now select the highlighted checkbox and click Next.
    
24. In the signature policy, click on Next, as shown below.
    
25. In the Encryption policy, just click Next.
    
26. In summary, just review the changes and click Done, as shown below.
    
27. After clicking Done, you will navigate to the page below. Just click Next and Done, as shown below.
    
28. After that, you will navigate to the page below. Click Next.
    
29. After clicking Next, you will see the page below. Click on Configure Credentials as shown below.
    
30. After clicking on Configure Credentials, click on Manage Certificates, as shown below.
    
31. Click on Create New.
    
32. Add the following details and click Next.
    
33. Now review the changes, and click Save.
    
34. After clicking Save, navigate to the page below and click Done.
    
35. After clicking Done, you will navigate to the page below. Click Next and Done.
    
36. After that, you will navigate to the page below, click Next, review the page, and click Done.
    
    Click Next.
    
    
    Click Save.
    
37. Finally, you will see the page below.
    
38. Now, click on Select Action, and Export Metadata as shown below.
    
    
    Click Next
    
    
    Click Export as shown below.
    
    
    A metadata.xml file will be downloaded. Copy that metadata.xml file and paste it into the application server (ovaledge application folder).
39. Now log in to the OvalEdge application, click Continue with SSO, and log in with your Ping credentials.
    
    
    
40. Click on system settings, navigate to the SSO section, and in that ovaledge.extauth.authtype default value is HYBRID. Change it to REMOTE, as shown below.
    

    Note: In the OvalEdge application, under System Setting, click on SSO and ovaledge.extauth.authtype configuration value is HYBRID, then no need to create the groups. Otherwise, the preferred value is REMOTE, so we need to create the groups, and below are the steps.

    
    

    By default, it is HYBRID.
    
    
    Change it to REMOTE
    

41. Now connect to the application server (Windows or Linux), create a folder with any name, and paste the metadata.xml(step 34) file into that folder as shown below.
    
42. Copy the metadata.xml file path, paste it into the oasis.properties file as shown below, and save the file.
    
43. Now, navigate to the Tomcat bin directory and configure setenv.sh (for windows tomcat9w.exe) file with -DOVALEDGE_SECURITY_TYPE=saml
    
    For Windows:
    Navigate to the Tomcat bin folder, open the command prompt here, execute the below command, and make changes.
    tomcat9w.exe //ES/tomcat1     (Here tomcat1 is tomcat service name)
    
    
    
    

    For Linux:

    Now navigate to the tomcat bin path and edit setenv.sh. In -DOVALEDGE_SECURITY_TYPE=saml, add saml, as shown below.

    -DOVALEDGE_SECURITY_TYPE=saml
    

44. Now restart Tomcat services and check the application after 5 minutes, as shown below.
    
    Now, you can log in to the application with AD users.
    

                                                Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA, USA.