PingFederate publishes metadata for partners through the federation metadata endpoint (/pf/federation_metadata.ping). Signing the metadata is optional but recommended, so that partners can verify its authenticity.

  1. Go to the System > Metadata Settings > Metadata Signing screen.
  2. Select a certificate from the Signing Certificate list.

    If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.

  3. Optional: Select a signing algorithm from the list.

    The default selection is RSA SHA256 or ECDSA SHA256, depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm.

    The public key of the metadata signing certificate is included as part of the metadata.

  4. Click Next and continue with the rest of the configuration.

    Tip: When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.
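
Because the signing certificate travels inside the metadata itself, a partner gains assurance only by comparing it with a fingerprint received out of band. The following added example (not PingFederate code) checks the signer and signature algorithm of downloaded metadata before it is passed to an XML signature validator. The accepted-algorithm list, the function names and the sample document are assumptions, and the sample certificate bytes are a constructed placeholder.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Assumption: the algorithms this partner has agreed to accept.
ALLOWED_ALGS = {MORE + "rsa-sha256", MORE + "ecdsa-sha256"}

def check_metadata_signer(xml_bytes, pinned_sha256_hex):
    """Return (ok, reason). Does not validate the signature value itself."""
    if b"<!DOCTYPE" in xml_bytes:  # refuse DTDs before parsing untrusted XML
        return False, "DOCTYPE not allowed"
    root = ET.fromstring(xml_bytes)
    # SAML metadata carries its enveloped signature as a child of the root element.
    sig = root.find(DS + "Signature")
    if sig is None:
        return False, "metadata is unsigned"
    method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
    alg = method.get("Algorithm") if method is not None else None
    if alg not in ALLOWED_ALGS:
        return False, f"signature algorithm not accepted: {alg}"
    cert = sig.find(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate")
    if cert is None or not (cert.text or "").strip():
        return False, "no embedded certificate"
    der = base64.b64decode("".join(cert.text.split()))
    fingerprint = hashlib.sha256(der).hexdigest()
    # Compare against the fingerprint obtained out of band, not one read from the metadata.
    if not hmac.compare_digest(fingerprint, pinned_sha256_hex.lower()):
        return False, "embedded certificate does not match pinned fingerprint"
    return True, "signer matches pin"

# Constructed sample: placeholder bytes stand in for a DER-encoded certificate.
SAMPLE_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

def sample_metadata(alg, der=SAMPLE_DER, signed=True):
    sig = (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           f'</ds:SignedInfo><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
           f'{base64.b64encode(der).decode()}</ds:X509Certificate></ds:X509Data>'
           f'</ds:KeyInfo></ds:Signature>') if signed else ""
    return ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
            f'entityID="https://idp.example.com">{sig}</EntityDescriptor>').encode()

if __name__ == "__main__":
    print(check_metadata_signer(sample_metadata(MORE + "rsa-sha256"), SAMPLE_PIN))
    print(check_metadata_signer(sample_metadata("http://www.w3.org/2000/09/xmldsig#rsa-sha1"), SAMPLE_PIN))
```

A passing result only confirms who claims to have signed the document and with which algorithm; the signature value must still be validated with an XML signature library using the pinned certificate.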