Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu Application Service.
Page last updated:
This topic describes how an administrator can test the connection between Single Sign‑On for VMware Tanzu Application Service and PingFederate. An administrator can test both service provider and identity provider connections.
You can test your identity provider integration by deploying the Pivotal Single Sign-On Service Sample Applications.
Log in to Apps Manager at
https://apps.SYSTEM-DOMAINand navigate to the org and space where your app is located.
Under Services, locate the service instance of the Single Sign‑On plan bound to your app. Click the service instance and then click Manage.
Under the Apps tab, click your app.
Under Identity Providers, select the PingFederate identity provider. a
Return to Apps Manager and click the URL below your app to authenticate with the identity provider.
Click the link to Log in via Auth Code Grant Type.
On the identity provider sign-in page, enter your credentials and click Sign On.
The app asks for authorization to the necessary scopes. Click Authorize.
View the access token and ID token.
Note: Single Sign‑On does not support identity provider-initiated flow into apps, but it does redirect the user to the User Account and Authentication (UAA) page to select apps assigned to the user.
Sign in to PingFederate.
Navigate to your app and click it.
View the list of apps you have access to.
Test single sign-off to ensure that when users log out of the app, they are logged out of PingFederate as well.
- Sign into the sample app. Information about the access and ID token displays, as well as the What do you want to do? section.
Under What do you want to do?, click Log out.
Ensure that you are logged out and redirected to the PingFederate login page.