Creating a new Identity Provider in the Sophie web application

Start by opening the Sophie web app, then select Settings -> Manage Users -> Identity Providers from the left menu:

Create a new OpenID Connect application. Specify an alias (e.g. ping-federate) and a display name (e.g. PingID). Make note of the Redirection URI:

The Authorization URL should be:

https://{{address-of-ping-federate}}:9031/as/authorization.oauth2

The Token URL:

https://{{address-of-ping-federate}}:9031/as/token.oauth2

The User Info URL:

https://{{address-of-ping-federate}}:9031/idp/userinfo.openid

The Issuer:

https://{{address-of-ping-federate}}:9031

The JWKS URL:

https://{{address-of-ping-federate}}:9031/pf/JWKS

Make sure Validate Signatures and Use JWKS URL are both enabled.

Note: these endpoints and others can be found under:

https://{{address-of-ping-federate}}:9031/.well-known/openid-configuration

Within the Sophie web-app, you have the option to simply import these settings from the above endpoint.
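Whether you type the endpoints by hand or import them, it is worth confirming that the discovery document agrees with the values listed above. The following is an added example, not part of the original page and not Sophie or PingFederate code: it compares a discovery document against this page's paths, using standard OpenID Connect discovery field names. The host pf.example.test and the sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

# Endpoint paths listed on this page, keyed by their OIDC discovery field names.
EXPECTED_PATHS = {
    "authorization_endpoint": "/as/authorization.oauth2",
    "token_endpoint": "/as/token.oauth2",
    "userinfo_endpoint": "/idp/userinfo.openid",
    "jwks_uri": "/pf/JWKS",
}

def check_discovery(doc, base_url):
    """Return a list of mismatches between a discovery document and the
    values this page says to configure for the PingFederate at base_url."""
    problems = []
    base = base_url.rstrip("/")
    if urlsplit(base).scheme != "https":
        problems.append("base URL is not https")
    # The issuer must match exactly: it is compared with the iss claim of ID tokens.
    if doc.get("issuer") != base:
        problems.append(f"issuer: expected {base!r}, got {doc.get('issuer')!r}")
    for field, path in EXPECTED_PATHS.items():
        expected = base + path
        actual = doc.get(field)
        if actual is None:
            problems.append(f"{field}: missing")
        elif actual != expected:
            # Catches a different host, port, scheme or path than configured.
            problems.append(f"{field}: expected {expected!r}, got {actual!r}")
    return problems

# Constructed sample input (hypothetical host, not a real deployment).
BASE = "https://pf.example.test:9031"
GOOD_DOC = {"issuer": BASE, **{f: BASE + p for f, p in EXPECTED_PATHS.items()}}
# Same document, but the key set is served from another host over plain http.
BAD_DOC = dict(GOOD_DOC, jwks_uri="http://keys.example.test/pf/JWKS")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(doc, BASE) or "matches the page's settings")
```

To run it against a real server, load the JSON returned by the .well-known/openid-configuration URL and pass it as doc together with your PingFederate base address.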

Don't save the new Identity Provider yet - you'll need the Client ID and Client Secret, which you will obtain in the next step.

Creating a new OpenID Connect Client in PingFederate

Browse to the administration portal of PingFederate. Make sure that OpenID Connect is enabled. You can enable it via System -> Server -> Protocol Settings.

Select OAuth Server, then under Clients click Create New.
Fill out the form as follows. Make note of the Client ID and Client Secret - paste them in the Sophie web app, then save the form.

Paste the Redirection URI you took note of earlier in the Sophie web app.
Check the following:

Log out from the Sophie web app. On the login page you will now see the new sign-in option:

That's it! Try to log in with your PingID credentials. On first login, you will be prompted to allow access to your basic information:
