You can embed virtual server ID information into an STS metadata exchange endpoint or a SAML and WS-Federation metadata exchange endpoint. This is useful for scenarios where partners prefer to retrieve metadata by sending one query parameter (PartnerSpId or PartnerIdpId) instead of two query parameters (PartnerSpId or PartnerIdpId and vsid).

  1. Construct a JSON object containing a key-value pair of the virtual server ID by using the following format:
    {"vsid":"<VirtualServerIdValue>"}

    For example, if the virtual server ID is Engineering, the JSON object is:

    {"vsid":"Engineering"}

  2. Base64url-encode the JSON object.

    For example, if the JSON object is {"vsid":"Engineering"}, the base64url-encoded value is:

    eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ

    (For more information about base64url, see tools.ietf.org/html/rfc4648.)

  3. Insert the base64url-encoded value (prefixed with a forward slash) into the metadata exchange endpoints, described as follows:
    Federation metadata endpoint (/pf/federation_metadata.ping)
    Between /pf and /federation_metadata.ping
    STS metadata endpoint (/pf/sts_mex.ping)
    Between /pf and /sts_mex.ping

    For example, if the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ, the metadata exchange endpoints embedding with the virtual server ID are:

    Federation metadata endpoint
    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping?PartnerSpId=sp.example.org

    STS metadata endpoint
    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping?PartnerSpId=sp.example.org