Configuring Ping Identity for Simplelists SAML2 Authentication

Authenticate to Simplelists using Ping Identity

Introduction

This page describes how to implement SAML authentication for simplelists.com with Ping Identity as the identity provider.

Ping Identity Configuration

Log in to your Ping Identity Environment

  1. Log in to your Ping Identity Console and select your environment

Create SAML2 Application

  1. Click Connections
  2. Click Applications
  3. Click the plus sign icon next to Applications

On the Add Application page:

  1. Enter an Application Name
  2. Optionally enter a Description
  3. Click SAML Application
  4. Click Configure

SAML Configuration (from Metadata)

  1. Select Import Metadata
  2. Click Select a file
  3. Locate the saml.xml that you downloaded from the Simplelists Authentication Provider above and click to select the file
  4. After the metadata has been loaded, click Save

Download Metadata and Signing Certificate

  1. Click Configuration
  2. Click Download Metadata (save for upload to Simplelists)
  3. Click Download Signing Certificate
  4. Select X509 PEM (.crt) (save for upload to Simplelists)
  5. Click Save
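
Before uploading the two downloads to Simplelists, it is worth confirming that they agree with each other. The following added example (not Ping or Simplelists code) compares the SHA-256 fingerprint of the downloaded .crt with the signing certificates published in the metadata and flags sign-on endpoints that are not HTTPS; the sample metadata, the placeholder certificate bytes and the function names are constructed, and a single EntityDescriptor root is assumed.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def fingerprint(b64_der):
    """SHA-256 of the DER bytes; whitespace inside the base64 text is ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_der.split()))).hexdigest()


def pem_fingerprint(pem_text):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return fingerprint(m.group(1))


def check_idp_files(metadata_xml, pem_text):
    """Compare the downloaded .crt with the signing keys published in the metadata."""
    root = ET.fromstring(metadata_xml)  # assumes a single EntityDescriptor root
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    published = {fingerprint(cert.text)
                 for kd in idp.iterfind("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")  # no 'use' means any purpose
                 for cert in kd.iterfind(".//ds:X509Certificate", NS) if cert.text}
    sso = [s.get("Location", "") for s in idp.iterfind("md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"),
            "cert_in_metadata": pem_fingerprint(pem_text) in published,
            "non_https_endpoints": [u for u in sso if not u.startswith("https://")]}


def build_sample(cert_bytes=b"constructed placeholder, not a real certificate"):
    """Constructed inputs; the placeholder bytes stand in for a DER certificate."""
    b64 = base64.b64encode(cert_bytes).decode()
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64
    metadata = (
        '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://idp.example/constructed">'
        '<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
        '</md:KeyDescriptor><md:SingleSignOnService Location="https://idp.example/sso"/>'
        '</md:IDPSSODescriptor></md:EntityDescriptor>' % (NS["md"], NS["ds"], b64))
    return metadata, pem
```

Call check_idp_files with the text of the two downloaded files; cert_in_metadata should be True and non_https_endpoints empty before either file is uploaded.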

Attribute Mappings

  1. Click Attribute Mappings
  2. Click the blue and white edit icon

Edit Attribute Mappings

  1. Click Add
  2. Add the following mappings
    Attributes                                                         PingOne Mappings
    saml_subject                                                       Email Address
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname    Given Name
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname      Family Name
  3. Click Save

Enable SAML Application

  1. Toggle the Enable/Disable “toggle”

Testing Login

At this point you should have successfully configured basic SAML2 authentication.

  1. Open the Simplelists web page (https://www.simplelists.com)
  2. Click Login
  3. Enter your email address on the Simplelists web page
  4. Enter your Ping-enabled email address and click Submit.

If everything is correctly configured, you will be presented with the Ping login page.

  1. Enter the email address that you have enabled for Ping in Simplelists
  2. Enter your password
  3. Click Sign On

You should now be logged in to the Simplelists web page as your user.

Optional Settings

The following settings provide extra features that are not necessary if you are simply authenticating from the Simplelists web page.

Automatic User Creation

Simplelists supports automatic user creation both via the Simplelists website and via an IdP-initiated login (if configured). For automatic user creation from the Simplelists web page, you need to ensure that your domain name is configured in the Authentication Provider.

For information on Configuring Automatic User Creation in Simplelists see the help page.

Note: Groups must be configured and properly provided by Ping as in Group Support (below) in order for the user to be automatically created.

Group Support

Simplelists can use groups provided by the Ping provider to create users and manage permissions. The following section assumes that you have existing groups in Ping for use with Simplelists. If not, create groups for the types of permissions that you would like to have. For instance, groups may be:

  1. SimpleLists-Administrator
  2. SimpleLists-ListManager
  3. SimpleLists-Billing Manager

Create Groups in Ping

  1. Click Identities
  2. Click Groups
  3. Click the plus sign icon next to Groups
  4. Enter the Group Name and click Save

Add users to the group

  1. Click Users
  2. Click Add Individually
  3. Search for a User
  4. Select the User
  5. Click Save

Ping Application Group Configuration

Add Group Memberships to the Application

  1. Access the SAML application you previously configured
  2. Edit the Attribute Mappings
  3. Click the edit icon

Edit Attribute Mappings

  1. Click Add
  2. Add the following mapping to the existing mappings
    Attributes                                                        PingOne Mappings
    http://schemas.microsoft.com/ws/2008/06/identity/claims/groups    Group Names

IdP Initiated Login

Simplelists supports IdP-initiated login, that is, login that is initiated by selecting the Simplelists application on the user’s Ping Application Portal. Selecting the application on the portal page redirects to the Simplelists web page, where the user is automatically logged in to the application.

  1. Open the Ping SAML application that you created
  2. Click Connections
  3. Click Applications
  4. Click on the Simplelists application
  5. Edit the Configuration
  6. Click Configuration
  7. Click the blue and white edit icon
  8. Enter the RelayState value from the Simplelists Authentication provider in the Target Application URL field (example: v0aWiPupDsvdBitylxpcGxtfE0FKYc2z)
  9. Click Save

Require Signed AuthnRequests

Note: Requiring signed AuthnRequests may break the ability to initiate login to Simplelists from the Ping Application Portal if you have configured that functionality, because an IdP-initiated login is not started by an AuthnRequest from Simplelists.

  1. Open the Ping SAML application that you created
  2. Click Connections
  3. Click Applications
  4. Click on the Simplelists application
  5. Edit the Configuration
  6. Click Configuration
  7. Click the blue and white edit icon
  8. Select Enforce Signed AuthnRequest
  9. Click Save

Enable Encrypted Assertions

Encrypted assertions are supported by Simplelists and allow you to increase the security of your authentication.

Edit the SAML Application

  1. Click Configuration
  2. Click the blue and white edit icon

Set Required Encryption Settings

  1. Click Sign Assertion & Response
  2. Click Enable Encryption
  3. Choose AES_256 from the Algorithm drop-down
  4. Select Import
  5. Click Choose File
  6. Select the Simplelists Signing Certificate simplelists.cer that you downloaded above
  7. Click Save

Test login with encrypted assertions

Log in to the Simplelists website and verify that you are able to log in. You can verify that the assertion is encrypted by viewing it using a SAML message decoder plugin for your browser; see the Troubleshooting section.
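
The check a SAML decoder plugin performs can be reproduced offline, as an added example (not Simplelists or Ping code): the function decodes a base64 SAMLResponse, reports whether it carries an EncryptedAssertion or a readable Assertion, and for a readable one lists which attribute names from the mapping tables are missing. The sample responses, alice@example.com and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
EXPECTED = {CLAIMS + "givenname", CLAIMS + "surname", GROUPS}  # from the mapping tables


def inspect_saml_response(b64_response):
    """Summarise a captured base64 SAMLResponse. Inspection only: nothing is validated."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    report = {"encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
              "plaintext_assertion": assertion is not None,
              "name_id": None, "attributes": {}, "missing": None}
    if assertion is None:
        return report  # contents are unreadable without the service provider's private key
    report["name_id"] = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        report["attributes"][attr.get("Name")] = [
            v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    report["missing"] = sorted(EXPECTED - set(report["attributes"]))
    return report


def build_sample(encrypted):
    """Constructed responses for illustration, not captured from Ping or Simplelists."""
    def attr(name, value):
        return ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
                '</saml:AttributeValue></saml:Attribute>' % (name, value))
    plain = ("<saml:Assertion><saml:Subject><saml:NameID>alice@example.com</saml:NameID>"
             "</saml:Subject><saml:AttributeStatement>"
             + attr(CLAIMS + "givenname", "Alice") + attr(CLAIMS + "surname", "Example")
             + attr(GROUPS, "SimpleLists-ListManager")
             + "</saml:AttributeStatement></saml:Assertion>")
    cipher = ('<saml:EncryptedAssertion><xenc:EncryptedData '
              'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion>')
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="%s">%s</samlp:Response>' % (NS["saml"], cipher if encrypted else plain))
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for encrypted in (False, True):
        print(inspect_saml_response(build_sample(encrypted)))
```

After encryption is enabled, the expected result for a captured response is encrypted True and plaintext_assertion False; a response that still shows a readable assertion means the encryption setting has not taken effect.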