Constructing an alternative metadata exchange endpoint - PingFederate - 10.2

PingFederate Server

bundle
pingfederate-102
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.2
category
Product
pf-102
pingfederate
ContentType_ce

You can embed virtual server ID information into a security token service (STS) metadata exchange endpoint or a SAML and WS-Federation metadata exchange endpoint.

This process is useful for scenarios where partners prefer to retrieve metadata by sending one query parameter such asPartnerSpId or PartnerIdpId, instead of two query parameters such asPartnerSpId or PartnerIdpId and vsid.

  1. Construct a JSON object containing a key-value pair of the virtual server ID by using the following format.
    {"vsid":"<VirtualServerIdValue>"}

    For example, if the virtual server ID is Engineering, the JSON object is {"vsid":"Engineering"}.

  2. Base64url-encode the JSON object.

    For example, if the JSON object is {"vsid":"Engineering"}, the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ.

    For more information about base64url, see tools.ietf.org/html/rfc4648.

  3. Insert the base64url-encoded value prefixed with a forward slash into the metadata exchange endpoints, described as follows:
    Federation metadata endpoint (/pf/federation_metadata.ping)
    Between /pf and /federation_metadata.ping.
    STS metadata endpoint (/pf/sts_mex.ping)
    Between /pf and /sts_mex.ping.

    For example, if the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ, the metadata exchange endpoints embedding with the virtual server ID are:

    Federation metadata endpoint
    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping?PartnerSpId=sp.example.org

    STS metadata endpoint
    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping?PartnerSpId=sp.example.org