Part 1 : Enabling SAML Single Sign-On for Umbraco Backoffice with PingID Integration

Prerequisites

1. PingID Account & Console Access

• Obtain a PingID account (a 1-month trial is available for POC/R&D).
• Ensure you have a business email to sign up. If not, contact PingID Support for assistance.

2. Works in Umbraco version 10..X.X to 13.X.X

This has been tested with Umbraco versions 10–13. For higher versions, you may need to adapt the codebase with relevant changes.

3. Required NuGet Package

Install the AspNetSaml NuGet package for SAML authentication:

dotnet add package AspNetSaml

🔗 GitHub Repository: https://github.com/jitbit/AspNetSaml

Optional for Trial Users

• If using a trial account, verify SAML configuration settings in the PingID Admin Console.
• For testing, ensure your environment meets PingID’s integration requirements.

How to configure Ping Identity with SAML

There are two parts to this procedure:

• Part 1: Add an application to Ping Identity
• Part 2: Configure Ping Identity Single Sign-On with SAML

How to add an application to Ping Identity

1. Log in to your Ping Identity account.
2. From the main menu, select Connections > Applications.
3. From the Applications page, select the + (plus) sign.
4. Enter your application name, then select SAML Application. (example, umbracosso)

5. Select Configure when available after selecting the SAML Application.

6. From the SAML Configuration, select Manually Enter.

7. Add ACS URL (ACS URL is the Redirect URL of the application where the successful saml handler response will send, Ensure the URL is accessible and matches exactly (including http vs https))

8. Add a Identifier if you have or enter an EntityID. The Entity ID (or Identifier) is a unique identifier for your application in the SAML flow.

9. Click Save.

How to configure Ping Identity Single Sign-On with SAML

1. From the Applications page, select umbracosso.
2. Turn on the toggle next to umbracosso.
3. Select umbracosso.

4. Select the Attribute Mappings tab, then edit (the pencil icon).

1. Click + Add.
2. Add User.Email to the Attributes field and choose Email Adress from the PingOne Mappings drop-down.
3. Click Save.

You can include additional attributes based on your business requirements by extending the SAML validation Response class.

5. Select the Configuration tab, then edit (the pencil icon).

6. Choose the Sign Assertion & Response option.

7. Click Save.

8. From the Connection Details, do the following:

1. Copy the Single Signon Service URL, and keep it somewhere.
2. Click Download Signing Certificate to download the certificate (X509 PEM (.crt).)
3. Go to your download location and open the certificate with a text editor.
   and copy the value and keep it somewhere.
4. Click to toggle to enable the configuration in Ping Identity.
5. Click Save on the Acunetix tab to complete the integration.

📌 What’s Next?

Configuring Umbraco for PingID SAML Authentication
🔗Part2 : Enabling SAML Single Sign-On for Umbraco Backoffice with PingID Integration