Configuring metadata signing
Configure metadata signing using the PingFederate administrative console.
About this task
PingFederate generates publicly available metadata for partners through the federation metadata endpoint, /pf/federation_metadata.ping. Although optional, signing the metadata is recommended so that partners can verify the authenticity of the metadata.
Steps
- Go to System → Protocol Metadata.
- In the Metadata Settings window, on the Metadata Signing tab, select a certificate from the Signing Certificate list.
  If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.
- Optional: Select a signing algorithm from the list.
  The default selection is RSA SHA256 or ECDSA SHA256 depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm.
  The public key of the metadata signing certificate is included as part of the metadata.
- Click Next.
  When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.
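A partner-side pre-check for metadata fetched from /pf/federation_metadata.ping, as an added example that is not PingFederate code: because the signing certificate travels inside the metadata, it compares that certificate's SHA-256 fingerprint with one exchanged out of band and rejects unsigned metadata or algorithms weaker than the SHA-256 defaults. The function name, the sample document, the placeholder certificate bytes and the assumption that the certificate appears as ds:X509Certificate in the signature's KeyInfo are constructed for illustration; cryptographic validation of the signature value is left to an XML-signature library.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
DSIG_MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# RSA/ECDSA with SHA-256 (the defaults named above) or stronger; SHA-1 is excluded.
ALLOWED_ALGS = {DSIG_MORE + f"{k}-sha{n}" for k in ("rsa", "ecdsa") for n in (256, 384, 512)}

def precheck_metadata(xml_text, pinned_sha256_hex):
    """Return (ok, reason). Does NOT validate the XML signature value itself."""
    if "<!DOCTYPE" in xml_text:
        return False, "DOCTYPE not allowed"  # refuse entity-expansion tricks
    root = ET.fromstring(xml_text)
    sig = root.find("ds:Signature", NS)  # direct child of the root element only
    if sig is None:
        return False, "metadata is unsigned"
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    alg = method.get("Algorithm") if method is not None else None
    if alg not in ALLOWED_ALGS:
        return False, f"signature algorithm not allowed: {alg}"
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        return False, "no embedded signing certificate"
    der = base64.b64decode("".join(cert.text.split()))
    # The embedded certificate proves nothing alone; trust comes from the pin.
    pinned = pinned_sha256_hex.replace(":", "").lower()
    if hashlib.sha256(der).hexdigest() != pinned:
        return False, "embedded certificate does not match pinned fingerprint"
    return True, "ok"

# Constructed sample: placeholder bytes stand in for the DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

def sample_metadata(alg_uri):
    b64 = base64.b64encode(SAMPLE_DER).decode()
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://idp.example.test">'
            f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg_uri}"/>'
            f'</ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue>'
            f'<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}</ds:X509Certificate>'
            f'</ds:X509Data></ds:KeyInfo></ds:Signature></md:EntityDescriptor>')

if __name__ == "__main__":
    print(precheck_metadata(sample_metadata(DSIG_MORE + "rsa-sha256"), SAMPLE_PIN))
```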