ServiceNow Provisioner

Exchanging signing certificates

To allow PingFederate and ServiceNow to communicate securely, exchange the signing certificates between the two systems.

Steps

  1. In PingFederate, export your signing certificate.

    1. On the PingFederate admin console, go to Security → Signing & Decryption Keys & Certificates.

    2. For the certificate that you want to use, in the Action column, click Export.

    3. On the Export Certificate screen, click Next.

    4. On the Export & Summary screen, click Export.

    5. Open the *.crt file in a text editor.

  2. In ServiceNow, import your PingFederate signing certificate.

    1. On your ServiceNow instance, go to SAML 2 Single Sign-on → Certificate. Click New.

    2. On the New record screen, in the Name field, enter SAML 2.0.

    3. Optional: In the Short description field, enter a description. This appears on the Certificate screen.

    4. In the PEM Certificate field, paste the contents of the *.crt file that you exported from PingFederate.

    5. Click Submit.

  3. In ServiceNow, export your ServiceNow single logout (SLO) certificate.

    1. On your ServiceNow instance, go to SAML 2 Single Sign-on → Certificate. Click SAML 2.0 SP Keystore.

    2. On the SAML 2.0 SP Keystore screen, download the certificate keystore by clicking saml2sp_keystore.

    3. Extract the certificate from saml2sp_keystore as shown in How to print the Public Key of a Certificate using Keytool in the ServiceNow documentation.

    4. Copy the output of the command to a text file on your computer, and save it as sn-certificate.crt.

  4. In PingFederate, import your ServiceNow SLO certificate as a trusted certificate authority (CA).

    1. On the PingFederate admin console, go to Security → Trusted CAs.

    2. On the Trusted CAs screen, click Import.

    3. On the Import Certificate screen, select sn-certificate.crt. Click Next.

    4. On the Summary screen, click Save.

  5. In ServiceNow, export your SAML 2.0 metadata.

    1. On your ServiceNow instance, go to SAML 2 Single Sign-on → Metadata.

    2. Copy the metadata block to a text file on your computer, and save it as sn-metadata.xml.

    You will use this in Creating a single sign-on connection.
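
The following check is an added example, not code from Ping Identity or ServiceNow. It inspects the text of a file such as the exported *.crt or sn-certificate.crt before it is pasted or imported: it confirms the file holds exactly one certificate block and no private key, and prints a SHA-256 fingerprint so the exported copy and the imported copy can be compared. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def inspect_pem(text):
    """Return (sha256_fingerprint_or_None, problems) for a file about to be imported."""
    problems = []
    blocks = PEM_BLOCK.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("private key block present; only the certificate may be shared")
    if PEM_BLOCK.sub("", text).strip():
        problems.append("extra text outside the BEGIN/END block")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected 1 CERTIFICATE block, found {len(certs)}")
        return None, problems
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:
        problems.append("CERTIFICATE body is not valid base64")
        return None, problems
    if not der.startswith(b"\x30"):
        problems.append("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2)), problems


def make_pem(label, der):
    """Wrap bytes in a PEM envelope (used only to build the constructed samples)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed stand-in bytes, not a real certificate: the fingerprint logic only
# needs the DER bytes, so any SEQUENCE-tagged blob demonstrates the comparison.
SAMPLE_DER = b"\x30\x20" + bytes(range(32))
CLEAN = make_pem("CERTIFICATE", SAMPLE_DER)
WITH_HEADER = "Alias name: example\n" + CLEAN            # constructed command-output noise
WITH_KEY = CLEAN + make_pem("PRIVATE KEY", b"\x30\x00")  # constructed, holds no real key

if __name__ == "__main__":
    for name, text in [("clean", CLEAN), ("with header", WITH_HEADER), ("with key", WITH_KEY)]:
        print(name, *inspect_pem(text), sep=" | ")
```

To check a real file, pass its contents to `inspect_pem` and confirm the fingerprint is identical on both sides of the exchange before saving the import.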