Question

I am a newbie on PingFederate. I was able to set up PingFederate locally. I just had another thought. Suppose I am setting up PingFederate as SP. Now the other party (IDP) will send me SAML only. I guess since there is no PingFederate at the IDP side, there is no open token and we couldn't use any Integration Kits in that case.

Now the IDP sends SAML to PingFederate. Should be to any endpoints. Am I right? (If someone knows about this, please detail)

In this case, how would PingFederate as an SP extract user information? (I understand that it accepts opentoken only.)

Please throw some light on this issue.

Kindly provide any links which could be helpful in understanding more on PingFederate.

Solution

First, full disclosure: I work for Ping. ;)

You're correct in stating that when you're the SP, you'll receive an assertion in some standard protocol, like SAML, but there are others, too. I won't talk about those - don't need to muddy the waters just yet!

So, within SAML, a number of attributes can be passed as part of the assertion. At a minimum, you will ALWAYS have the subject, which would be the user ID, email, whatever, that is what you and the IdP have agreed upon as the identifier for the user. But, you could get other things too, by extending the contract of the assertion, to things like first/last names, phone numbers, etc., whatever the IdP may have for you to utilize (especially for instantiating a new user in your SP side!).

So, you get the attribute(s) in the assertion, then you push those to your SP application - quite possibly via openToken (since we provide the openToken adapter, it's pretty easy to integrate that into your app), or maybe you use our .NET or Java SDKs.

I would highly recommend heading over to our library of free videos on training. You can check them all out here: https://www.pingidentity.com/support/training-center/

Start with an intro to federation: https://www.pingidentity.com/support/training-center/training-video.cfm/introduction-to-federation?id=1017466745001

Then you'll have some basics under your belt, and can move on into the other areas, especially the TRT sections where you can learn to build adapters, use the HTML Form Adapter that we include, connect to LDAP directories and Databases as user stores... All sorts of good stuff.

And if you're a paying customer (or even not yet - you're just kicking the tires!), if you get REALLY stuck, you can contact our support team.

Happy federating!
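
An added example, not part of the answer above and not Ping Identity code: a minimal Python sketch of what the SP side reads out of a SAML 2.0 assertion, namely the subject plus the attributes agreed in the contract. The sample assertion, the function name `extract_identity` and the attribute names are constructed for illustration, and the code assumes the federation server has already validated the assertion's signature and conditions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real IdP); signature omitted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0"
                IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="phone">
      <saml:AttributeValue>+1-555-0100</saml:AttributeValue>
      <saml:AttributeValue>+1-555-0101</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_identity(assertion_xml, contract):
    """Return (issuer, subject, attributes) limited to the agreed contract.

    Assumption: signature and conditions were validated upstream by the
    federation server; this only shows what the SP application receives.
    """
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject or not subject.strip():
        raise ValueError("assertion has no Subject/NameID")
    attributes = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        if name not in contract:  # ignore anything outside the contract
            continue
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attributes.setdefault(name, []).extend(values)
    return issuer, subject.strip(), attributes
```

Attribute values are returned as lists because a SAML attribute can carry several values, as the constructed `phone` attribute does.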

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow