You can manually select the desired information and export a metadata XML file. This is useful for the following situations:

  • You have not yet created a SAML Browser SSO connection to the partner but would like to help your partner with its configuration by including selected information in a metadata XML file.
  • You want to export SAML metadata with selected information, which can be passed to multiple partners to expedite their configurations.

  1. Go to the System > Metadata Export screen.
  2. On the Metadata Role screen, select the applicable role.
  3. On the Metadata Mode screen, select the Select information to include in metadata manually option.
    If the secondary HTTPS port is configured and you want to use it for the SOAP channel, select the Use the secondary port for SOAP channel check box.
    Note: If certificate-based authentication is configured for the SOAP channel, you must configure the pf.secondary.https.port property in the <pf_install>/pingfederate/bin/run.properties file and select this check box.

  4. On the Protocol screen, select the desired version of the SAML protocol from the list.
  5. On the Virtual Host Name screen, select the applicable virtual host name from the list.
    Shown and applicable only if PingFederate is configured with one or more virtual server host names.

    If a selection is made, PingFederate uses that virtual host name when generating the metadata file. If left blank, PingFederate uses its base URL in the metadata file. If you decide to update one or more virtual host names at a later time, re-export the connection metadata for your partners.

  6. Optional: On the Attribute Contract screen, add one or more attributes.
    Modify any entry as needed.
  7. Optional: On the Metadata Signing screen, select a certificate to use for signing the metadata XML file.
    1. Select a certificate from the Signing Certificate list.

      If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.

    2. Optional: Select the related check boxes to include the public key information and the raw key in the signed XML file.
    3. Select a signing algorithm from the list.

      The default selection is RSA SHA256 or ECDSA SHA256, depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm.

  8. Optional: On the XML Encryption Certificate screen, select the certificate that your partner can use to encrypt XML content.
    Applicable only when you have selected SAML 2.0 on the Protocol screen.

    If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.

  9. On the Export & Summary screen, click Export to save the metadata XML file and then click Done.
  10. Pass the metadata XML file to your partner (or partners).
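
Before the file goes to partners, the choices made in steps 3, 5, 7 and 8 can be checked in the exported XML. The following is an added example, not PingFederate code: the function name, the sample document, and the host and port values are assumptions, and it inspects the declared signature algorithm without verifying the signature cryptographically.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
SHA1_OR_MD5 = ("-sha1", "-md5")  # digests below the SHA256 default

# Constructed sample: hosts, ports and paths are illustrative only.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="idp.example.com">
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod
    Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></ds:SignedInfo></ds:Signature>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:ArtifactResolutionService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://sso.example.com:9031/idp/ARS.ssaml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://pf-node1.internal.example:9031/idp/SSO.saml2"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""

def review_metadata(xml_text, expected_host, soap_port=None):
    """Return a list of findings for one exported SAML 2.0 metadata file."""
    root = ET.fromstring(xml_text)
    findings = []
    # Step 7 is optional, so the file may be unsigned or use a weak digest.
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        findings.append("metadata is not signed")
    elif method.get("Algorithm", "").endswith(SHA1_OR_MD5):
        findings.append("signature digest below SHA256: " + method.get("Algorithm"))
    # Step 8 is optional; a KeyDescriptor without "use" serves both purposes.
    uses = {kd.get("use") for kd in root.iterfind(".//md:KeyDescriptor", NS)}
    if not uses & {"encryption", None}:
        findings.append("no encryption certificate published")
    # Steps 3 and 5: check each endpoint's host, and the SOAP channel port.
    for el in root.iterfind(".//*[@Location]"):
        loc = el.get("Location")
        url = urlsplit(loc)
        if url.scheme != "https" or url.hostname != expected_host:
            findings.append("unexpected endpoint: " + loc)
        elif soap_port and el.get("Binding") == SOAP and url.port != soap_port:
            findings.append("SOAP endpoint not on port %d: %s" % (soap_port, loc))
    return findings

if __name__ == "__main__":
    print("\n".join(review_metadata(SAMPLE, "sso.example.com", 9032)))
```

An empty list means the file matches the intended host, SOAP port, signing and encryption choices.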