It was great to see Pam setup and configure PingFederate to accept PayPal OpenID and show login to Google Apps.
The following screen cast illustrates:
- User accesses integralcurve.com (a Google Apps domain)
- SAML SP Initiated SSO to PingFederate.
- PingFed redirects to PayPal OpenID endpoint for authentication.
- User authenticates at PayPal.com.
- PingFed accepts PayPal OpenID response, creates a SAML assertion and redirects to integralcurve.
- User is logged in to integralcurve.
Another feature that’s not shown here is to configure the solution for user’s to select their own IdP at run time. This can potentially allow Google Apps hosted enterprises to offer their employees a handful of IdP options (PayPal, Enterprise AD, Facebook…) and let the employees pick the one they feel most comfortable with.