Updating a SAML connection using metadata - PingFederate

Updating a SAML connection using metadata - PingFederate - 10.0

PingFederate Server

bundle

pingfederate-100

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.0

category

Product

pf-100

pingfederate

ContentType_ce

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 2 min read

PingFederate 10.0 Product Configuration User task Single Sign-on (SSO) Capability Software Deployment Method Product documentation Content Type Administrator Audience SAML Standards, specifications, and protocols

You can update an existing SAML connection using a metadata file or a metadata URL from your partner.

Note:

This manual update is independent from the optional and per-connection automatic update feature.

Go to the Manage All > Connections screen.
Click Update with Metadata under Action for the applicable SAML connection.

Refer to the following steps to import or update metadata. Instructions vary depending on the medium of the metadata.

Metadata medium	Steps
A metadata file	On the Import Metadata screen, select the File option. Choose the metadata file, and then click Next. Note: If the metadata file is digitally signed but the verification certificate is provided outside of the metadata, import the metadata verification certificate on the Import Certificate screen, and then click Next. On the Metadata Summary screen, review the signature information to evaluate the authenticity of the metadata. Click Save.
A metadata URL	On the Import Metadata screen, select the URL option. Select the metadata from the Metadata URL list. Tip: If the metadata you want is not shown in the list, click Manage Partner Metadata URLs. Click Load Metadata. Note: If there is a digital signature error, click Manage Partner Metadata URLs to resolve the issue. Click Save.

Metadata medium

Steps

A metadata file

On the Import Metadata screen, select the File option.
Choose the metadata file, and then click Next.
Note:
If the metadata file is digitally signed but the verification certificate is provided outside of the metadata, import the metadata verification certificate on the Import Certificate screen, and then click Next.
On the Metadata Summary screen, review the signature information to evaluate the authenticity of the metadata.
Click Save.

A metadata URL

On the Import Metadata screen, select the URL option.
Select the metadata from the Metadata URL list.
Tip: If the metadata you want is not shown in the list, click Manage Partner Metadata URLs.
Click Load Metadata.
Note: If there is a digital signature error, click Manage Partner Metadata URLs to resolve the issue.
Click Save.

On the Connections screen, click Save.

Note:

If the endpoints in the metadata share the same base URL (protocol, hostname, and port), PingFederate uses this information to populate the Base URL field. Consequently, individual endpoints on other screens do not include this information; only relative paths are shown.

Example

An SP has just changed its signing certificate and published a new metadata with the new certificate. To minimize the impacts to your users, you as the IdP can update the SP connection using the metadata immediately.

Access the Identity Provider > Manage All > Connections screen.
Click Update with Metadata under Action for the applicable SAML connection.
Follow the workflow to complete the task.