If you are using one of the SAML protocols (without a connection template), you can expedite the setup by one of the following actions:
- Import a metadata file
- Select a metadata URL
When you select a metadata URL, PingFederate also enables the automatic update option and checks the metadata periodically. If PingFederate detects changes in the partner's signing certificates (for digital signature verification), encryption key, or contact information, it updates the connection automatically. For better housekeeping, the update process removes verification certificates from the connection when the partner no longer maintains them in its metadata. In a clustered environment, PingFederate automatically replicates verification certificates and encryption key changes to all engine nodes. Offline engine nodes will also consume these changes as they restart and rejoin the cluster. If you prefer to update the connection manually, you can clear the Enable Automatic Reloading check box.
The reload frequency is configurable through the Reload Delay field on the screen. The default reload frequency is daily.
Although optional, it is recommended that you turn on notifications for SAML metadata update events on the screen. If the metadata contains changes that require additional configuration, the notification message also provides a list of the applicable items.
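To review independently what an automatic reload changed, you can diff two saved copies of the partner's metadata. The following Python is an added example, not PingFederate code: it compares signing certificates, encryption certificates, and contact addresses between two snapshots. The partner `idp.example.org`, the certificate values, and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize(metadata_xml):
    """Collect signing/encryption cert fingerprints and contacts from SAML metadata."""
    # For documents fetched from a URL, parse with a hardened XML parser instead.
    root = ET.fromstring(metadata_xml)
    out = {"signing": set(), "encryption": set(), "contact": set()}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without a valid use attribute applies to both purposes.
        use = kd.get("use")
        uses = [use] if use in ("signing", "encryption") else ["signing", "encryption"]
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            for u in uses:
                out[u].add(hashlib.sha256(der).hexdigest())  # SHA-256 over DER bytes
    for cp in root.iterfind(".//md:ContactPerson", NS):
        for mail in cp.iterfind("md:EmailAddress", NS):
            out["contact"].add((cp.get("contactType", ""), (mail.text or "").strip()))
    return out

def diff_metadata(old_xml, new_xml):
    """Return what was added and removed per category between two snapshots."""
    old, new = summarize(old_xml), summarize(new_xml)
    return {k: {"added": new[k] - old[k], "removed": old[k] - new[k]} for k in old}

def sample(signing_certs, email):
    """Constructed metadata for a fictional partner; cert values are placeholders."""
    def key(use, b64):
        return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
                f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
                "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")
    keys = "".join(key("signing", c) for c in signing_certs) + key("encryption", "QkJCQg==")
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://idp.example.org"><md:IDPSSODescriptor '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">{keys}'
            f'</md:IDPSSODescriptor><md:ContactPerson contactType="technical">'
            f"<md:EmailAddress>mailto:{email}</md:EmailAddress>"
            "</md:ContactPerson></md:EntityDescriptor>")

# Constructed snapshots: the partner adds a second signing cert and changes its contact.
OLD = sample(["QUFBQQ=="], "ops@example.org")
NEW = sample(["QUFBQQ==", "Q0NDQw=="], "security@example.org")

if __name__ == "__main__":
    for category, change in diff_metadata(OLD, NEW).items():
        print(category, "added:", sorted(change["added"]), "removed:", sorted(change["removed"]))
```

A new signing fingerprint that the partner did not announce through a separate channel is the change most worth confirming before relying on the connection.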
After the connection is created, you can add, remove, or change the metadata URL associated with the connection in the Import Metadata screen. You can also toggle the Enable Automatic Reloading option for the connection.
Using a metadata URL with automatic reloading streamlines the configuration process. For example, you can quickly establish a Browser SSO connection to an InCommon-participating partner (see www.incommon.org/participants).