问题
I am working to understand the SAML request process using PingFederate.
I am making the SAML RST request in order to gain access to a SharePoint Online instance. PingFederate SSO is successfully set up and users must login through ping in order to get to sharepoint online.
Now I want to make a Saml RST to PingFederate STS using the Java STS SDK 1.1.
I have a working STS endpoint: https://my.ping.endpoint/sp/sts.wst And my SharepointOnline endpoint is: https://mydomain.sharepoint.com
I am trying to figure out what to use as AppliesTo in this scenario.
Definition:
The Relying Party realm the token is to be issued for.
I've tried setting it to anything we can think of. But no luck. I was fairly sure I could use: https://tenantname.sharepoint.com/_forms/default.aspx?wa=wsignin1.0 but it didn't work. I keep getting a SOAP Fault from ping STS:
Unable to determine partner SP connection by AppliesTo: http://my-AppliesTo-url-here
Is this some URL I need to get from the PingFederate admin UI? How can I find this?
回答1:
Under your "SP Connection", "WS-Trust STS", "Protocol Settings" there is a place to enter the "PARTNER SERVICE IDENTIFIER (CORRESPONDS TO APPLIESTO IN RST)"
来源:https://stackoverflow.com/questions/48358507/where-do-i-find-pingfederates-relying-party-to-be-set-in-appliesto-of-the