PingFederate Server

Constructing an alternative metadata exchange endpoint

You can embed virtual server ID information into a security token service (STS) metadata exchange endpoint or a SAML and WS-Federation metadata exchange endpoint.

About this task

This process is useful for scenarios where partners prefer to retrieve metadata by sending one query parameter such asPartnerSpId or PartnerIdpId, instead of two query parameters such asPartnerSpId or PartnerIdpId and vsid.

Steps

  1. Construct a JSON object containing a key-value pair of the virtual server ID by using the following format. {"vsid":"<VirtualServerIdValue>"}

    Example:

    For example, if the virtual server ID is Engineering, the JSON object is {"vsid":"Engineering"}.

  2. Base64url-encode the JSON object.

    Example:

    For example, if the JSON object is {"vsid":"Engineering"}, the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ.

    For more information about base64url, see tools.ietf.org/html/rfc4648.

  3. Insert the base64url-encoded value prefixed with a forward slash into the metadata exchange endpoints, described as follows:

    Federation metadata endpoint (/pf/federation_metadata.ping)

    Between /pf and /federation_metadata.ping.

    STS metadata endpoint (/pf/sts_mex.ping)

    Between /pf and /sts_mex.ping.

    Example:

    For example, if the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ, the metadata exchange endpoints embedding with the virtual server ID are:

    Federation metadata endpoint

    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping?PartnerSpId=sp.example.org

    STS metadata endpoint

    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping?PartnerSpId=sp.example.org