Local playground
- OIDC Code + PKCE client at /oidc/client
- SAML SP demo at /saml/sp
- Protected API at /api/profile (Bearer required)
Vendor-specific quick links
- PingFederate tips — endpoints, OIDC client JSON, SAML connection notes.
- SiteMinder tips — partnerships, ACO highlights, troubleshooting.
Downloadable templates
- SAML IdP metadata template — XML
- SAML SP metadata template — XML
- OpenID Provider well-known (Ping style) — JSON
- PingFederate OIDC client — JSON
PingOne DaVinci
- Starter flows — OIDC Code + PKCE login and SAML SP blueprint.
Demo security notes
- OIDC tokens are now signed with RS256 and exposed via a live
/oidc/jwks.json. - SAML Assertions are XML-signed; the ACS verifies the signature using the IdP demo cert.
- Download the IdP cert at
/saml/idp-cert.pemfor validation tests.