Troubleshooting SP-Initiated Flow Issues With PingFederate Connection in Auth0

Overview

Developers may encounter issues when configuring a PingFederate connection in Auth0, such as the connection not working as expected. In these cases, enabling the Identity Provider (IdP)-initiated setting resolves the problem. This article explains the root cause of this issue and provides a solution for developers using Auth0 with PingFederate.

Applies To

  • PingFederate

Solution

The issue arises from the different paths required for Service Provider (SP)-initiated and IdP-initiated flows in PingFederate.

  • For SP-initiated flows, the expected value usually contains /idp/SSO.saml2 as the path.
  • For IdP-initiated SSO, the path is /idp/startSSO.ping.
  • If developers are using the IdP-initiated path (/idp/startSSO.ping) when attempting an SP-initiated flow, the connection will not work. To resolve this, ensure that the correct path is used for the intended flow:
    • SP-Initiated Flow: Use /idp/SSO.saml2 as the path.
    • IdP-Initiated Flow: Use /idp/startSSO.ping as the path.

By configuring the correct path based on the flow type, developers can ensure that the PingFederate connection works seamlessly in Auth0.
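
The path rule above can be checked before a connection is saved. The following is an added example, not code from Auth0 or Ping Identity; the function names are hypothetical and the hostnames and sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Endpoint paths named in this article.
SP_INITIATED_PATH = "/idp/SSO.saml2"
IDP_INITIATED_PATH = "/idp/startSSO.ping"


def classify_endpoint(url):
    """Return 'sp-initiated', 'idp-initiated' or 'unknown' for a PingFederate URL."""
    # Only the path decides the flow; query strings and a trailing slash are ignored.
    path = urlsplit(url).path.rstrip("/")
    if path.endswith(SP_INITIATED_PATH):
        return "sp-initiated"
    if path.endswith(IDP_INITIATED_PATH):
        return "idp-initiated"
    return "unknown"


def check_sign_in_url(url, intended_flow):
    """Return (ok, message) for a sign-in URL against the flow it must serve."""
    actual = classify_endpoint(url)
    if actual == intended_flow:
        return True, "path matches the %s flow" % intended_flow
    if actual == "unknown":
        return False, "path %r is neither endpoint named above" % urlsplit(url).path
    expected = SP_INITIATED_PATH if intended_flow == "sp-initiated" else IDP_INITIATED_PATH
    return False, "URL is the %s endpoint; use %s for the %s flow" % (
        actual, expected, intended_flow)


# Constructed sample values: (sign-in URL, flow the connection is meant to serve).
SAMPLES = [
    ("https://sso.example.com/idp/SSO.saml2", "sp-initiated"),
    ("https://sso.example.com/idp/startSSO.ping?PartnerSpId=urn:example", "sp-initiated"),
    ("https://sso.example.com/idp/startSSO.ping", "idp-initiated"),
    ("https://sso.example.com/", "sp-initiated"),
]

if __name__ == "__main__":
    for url, flow in SAMPLES:
        ok, msg = check_sign_in_url(url, flow)
        print("%-4s %s -> %s" % ("OK" if ok else "FAIL", url, msg))
```

The second sample is the misconfiguration this article describes: an IdP-initiated path supplied for an SP-initiated flow.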