If you are using one of the SAML protocols (without a connection template), you can expedite the setup by doing one of the following:

  • Import a metadata file
  • Select a metadata URL

When you select a metadata URL, PingFederate also enables the automatic update option and checks the metadata periodically. If PingFederate detects changes in the partner's signing certificates (for digital signature verification), encryption key, or contact information, it updates the connection automatically. For better housekeeping, the update process removes verification certificates from the connection when the partner no longer maintains them in its metadata. In a clustered environment, PingFederate automatically replicates verification certificates and encryption key changes to all engine nodes. Offline engine nodes will also consume these changes as they restart and rejoin the cluster. If you prefer to update the connection manually, you can clear the Enable Automatic Reloading check box.

The reload frequency is configurable through the Reload Delay field on the System > Metadata Settings > Metadata Lifetime screen. The default reload frequency is daily.

Although optional, it is recommended that you turn on notifications for SAML metadata update events on the System > Runtime Notifications screen.

Note:

If the metadata contains changes that require additional configuration, the notification message also provides a list of the applicable items.
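
To review what an automatic update changed (signing certificates, encryption key, contact information), you can diff two saved copies of the partner's metadata. The Python below is an added example, not PingFederate code: the function names, the `ENTITY` value and the abbreviated sample metadata are constructed for illustration, and it does not verify the metadata's XML signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
USES = ("signing", "encryption")
ENTITY = "https://idp.example.org"  # constructed entity ID

def summarize(xml_text, entity_id):
    """Collect certificate fingerprints and contact e-mails for one entity."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before parsing untrusted XML
        raise ValueError("DOCTYPE not allowed in metadata")
    # iter() yields the root too: a lone EntityDescriptor or an aggregate both work.
    for ent in ET.fromstring(xml_text).iter(f"{{{MD}}}EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            break
    else:
        raise KeyError(f"entity {entity_id!r} not in metadata")
    out = {"signing": set(), "encryption": set(), "contacts": set()}
    for kd in ent.iter(f"{{{MD}}}KeyDescriptor"):
        use = kd.get("use")  # no "use" attribute: key serves both purposes
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            for u in ((use,) if use in USES else USES):
                out[u].add(hashlib.sha256(der).hexdigest())
    for mail in ent.iterfind(".//md:ContactPerson/md:EmailAddress", NS):
        out["contacts"].add((mail.text or "").strip())
    return out

def diff_metadata(old_xml, new_xml, entity_id):
    """Report what an update would add to or remove from the connection."""
    old, new = summarize(old_xml, entity_id), summarize(new_xml, entity_id)
    return {k: {"added": sorted(new[k] - old[k]),
                "removed": sorted(old[k] - new[k])} for k in old}

def sample(signing, email):  # constructed metadata; "certificates" are placeholder bytes
    keys = "".join(
        f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{base64.b64encode(s.encode()).decode()}"
        f"</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        for s in signing)
    return (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" '
            f'entityID="{ENTITY}"><md:IDPSSODescriptor>{keys}'
            f"</md:IDPSSODescriptor><md:ContactPerson><md:EmailAddress>{email}"
            f"</md:EmailAddress></md:ContactPerson></md:EntityDescriptor>")

if __name__ == "__main__":
    print(diff_metadata(sample(["A", "B"], "a@example.org"), sample(["B", "C"], "a@example.org"), ENTITY))
```

Fingerprints are SHA-256 over the decoded certificate bytes, so a removed signing certificate shows up under `removed` even when the partner only reorders or re-wraps the base64 text.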

After the connection is created, you can add, remove, or change the metadata URL associated with the connection in the Import Metadata screen. In addition, you can also toggle the Enable Automatic Reloading option for the connection.

Tip:

Using a metadata URL with automatic reloading streamlines the configuration process. For example, you can quickly establish a Browser SSO connection to an InCommon-participating partner (see www.incommon.org/participants).

  1. Refer to the following steps to import or update metadata. Instructions vary depending on the medium of the metadata.
    Metadata medium: A metadata file
    Steps:
    1. On the Import Metadata screen, select the File option.
    2. Choose the metadata file, and then click Next.
      Note:

      If the metadata contains multiple entries, select the desired partner from the Select Entity ID list and click Next.

      Note:

      If the metadata file is digitally signed but the verification certificate is provided outside of the metadata, import the metadata verification certificate on the Import Certificate screen, and then click Next.

    3. On the Metadata Summary screen, review the signature information to evaluate the authenticity of the metadata.
    4. Click Next.
    Metadata medium: A metadata URL
    Steps:
    1. On the Import Metadata screen, select the URL option.
    2. Select the metadata from the Metadata URL list.
      Tip: If the metadata you want is not shown in the list, click Manage Partner Metadata URLs.
    3. Optionally, clear the Enable Automatic Reloading check box to disable automatic update.
    4. Click Load Metadata.
      Note:

      If the metadata contains multiple entries, select the desired partner from the Select Entity ID list and click Next.

      Note:

      If there is a digital signature error, click Manage Partner Metadata URLs to resolve the issue.

    5. Click Next.