To do this, you copy the key (or keys, if you have more than one) from the pf.jwk file on the source server and append it to the last key in the pf.jwk file on the target server, and then restart that target server. This step only needs to be done before the first migration.

  1. In your PingFederate installation on the source server, open the pf.jwk file in the <pf_install>/pingfederate/server/default/data directory.
  2. Copy the key in the file.
    Ensure you copy the entire key JSON message. For example, you would copy the text as shown in bold below:
    {"keys":[{"kty":"oct","kid":"j0PUEdAb95","k":"AGi8Lg_ewdl-_30Cx83kDMQE9oNlhgJSa_Pc4I8JTU8"}]}
  3. In your PingFederate installation on the target sever, open the pf.jwk file.
  4. Insert a comma at the end of the last key in the file and append the source key.
    For example, if the pf.jwk on the target server reads:
    {"keys":[{"kty":"oct","kid":"wER9zEpaPe","k":"i0HQr9JmsqjAX4o_BQU1qGJzoLQI-nmwp8u3GyHzTB8"}]}

    Insert the comma and the source key as follows:

    {"keys":[{"kty":"oct","kid":"wER9zEpaPe","k":"i0HQr9JmsqjAX4o_BQU1qGJzoLQI-nmwp8u3GyHzTB8"},
{"kty":"oct","kid":"j0PUEdAb95","k":"AGi8Lg_ewdl-_30Cx83kDMQE9oNlhgJSa_Pc4I8JTU8"}]}

    Note that this is a well-formed JSON document in one line.

  5. Save the pf.jwk file and restart the target server.
  6. If applicable, repeat the steps above for each target PingFederate server.