You can export metadata for any SAML Browser SSO connection to an XML file. This is useful in a situation, where you have already created a SAML Browser SSO connection to your partner and the partner prefers consuming SAML metadata by file.

  1. Go to the System > Metadata Export screen.
  2. On the Metadata Role screen, select the applicable role.
  3. On the Metadata Mode screen, select the Use a connection for metadata generation option.
    If the secondary HTTPS port is configured and you want to use it for the SOAP channel, select the Use the secondary port for SOAP channel check box.

    If certificate-based authentication is configured for the SOAP channel, you must configure the pf.secondary.https.port property in the <pf_install>/pingfederate/bin/ file and select this check box.

  4. On the Connection Metadata screen, select the applicable SAML Browser SSO connection from the list.
    Virtual Server ID
    If the selected connection contains two or more virtual server IDs, you must select the virtual server ID that you want to use during the export.
    The protocol endpoints in the metadata file are specific to the selected virtual server ID. If you decide to update the virtual server ID at a later time, re-export the connection metadata for your partners.
    Virtual Host Name
    If PingFederate is configured with one of more virtual server host names, you may select the applicable virtual host name from the list.
    If a selection is made, PingFederate use that virtual host name when generating the metadata file. If left blank, PingFederate uses its base URL in the metadata file. If you decide to update one or more virtual host names at a later time, re-export the connection metadata for your partners.
  5. Optional: On the Metadata Signing screen, select a certificate to use for signing the metadata XML file.
    1. Select a certificate from the Signing Certificate list.

      If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.

    2. Optional: Select the related check boxes to include the public key information and the raw key in the signed XML file.
    3. Select a signing algorithm from the list.

      The default selection is RSA SHA256 or ECDSA SHA256, depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm.

  6. On the Export & Summary screen, click Export to save the metadata XML file and then click Done.
  7. Pass the metadata XML file to your partner.