--- title: Exporting selected SAML metadata description: You can manually select the desired information and export a metadata XML file. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:pf_exporting_selected_saml_metadata canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_exporting_selected_saml_metadata.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 8, 2024 section_ids: about-this-task: About this task steps: Steps --- # Exporting selected SAML metadata You can manually select the desired information and export a metadata XML file. ## About this task This type of export is useful for the following situations: * You have not yet created a SAML browser single sign-on (SSO) connection to the partner but would like to help your partner with its configuration by including selected information in a metadata XML file. * You want to export a SAML metadata with selected information, which can be passed to multiple partners to expedite their configurations. ## Steps 1. Go to **System > Protocol Metadata > Metadata Export**. 2. On the **Metadata Role** tab, select the applicable role. 3. On the **Metadata Mode** tab, select the **Select information to include in metadata manually** option. If the secondary HTTPS port is configured and you want to use it for the SOAP channel, select the **Use the secondary port for SOAP channel** checkbox. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If certificate-based authentication is configured for the SOAP channel, you must configure the `pf.secondary.https.port` property in the `/pingfederate/bin/run.properties` file and select this checkbox. | 4. On the **Protocol** tab, select the desired version of the SAML protocol from the list. 5. On the **Virtual Host Name** tab, select the applicable virtual host name from the list. This tab is shown and applicable only if PingFederate is configured with one of more virtual server host names. If a selection is made, PingFederate use that virtual host name when generating the metadata file. If left blank, PingFederate uses its base URL in the metadata file. If you decide to update one or more virtual host names at a later time, re-export the connection metadata for your partners. 6. (Optional) On the **Attribute Contract** tab, you can perform the following actions. | Action | Description | | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------- | | **Add** | Add an attribute contract by entering the contract's name and clicking **Add**. | | **Edit** | Modify an existing attribute contract by clicking **Edit**. To save your change, click **Update**. To cancel your change, click **Cancel**. | | **Delete** | Delete an existing attribute contract by clicking **Delete**. | 7. On the **Signing Key** tab, do the following: 1. (Optional) If you want to include a public key that this system uses for digital signatures, select a key from the **Digital Signature Keys/Certs** list. If you have not yet created or imported a digital signature key to PingFederate, click **Manage Certificates** and use the **Digital Signature Settings** wizard to complete the task. 2. (Optional) If you want to give partners an alternative key, select another key from the **Secondary Digital Signature Keys/Certs** list. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can't configure a secondary signing certificate if the primary certificate has certificate rotation enabled. You also can't use a certificate that has rotation enabled as the secondary signing certificate. | On the **Metadata Signing** tab, select a certificate to use for signing the metadata XML file.Select a certificate from the **Signing Certificate** list. If you have not yet created or imported your certificate into PingFederate, click **Manage Certificates** and use the **Certificate Management** configuration wizard to complete the task.Select the related checkboxes to include the public key information and the raw key in the signed XML file.Select a signing algorithm from the list. The default selection is **RSA SHA256** or **ECDSA SHA256**, depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm. For a list of the available signing algorithms and their URIs, see [Signing algorithms](pf_signing_algorithms.html). 8. (Optional) On the **XML Encryption Certificate** tab, select the certificate that your partner can use to encrypt XML content. Applicable only when you have selected **SAML 2.0** on the **Protocol** tab. If you have not created or imported your certificate into PingFederate, click **Manage Certificates** and use the **Certificate Management** configuration wizard to complete the task. 9. On the **Export & Summary** tab, click **Export** to save the metadata XML file, then click **Done**. 10. Pass the metadata XML file to your partner or partners.