Exporting selected SAML metadata - PingFederate - 10.3

PingFederate Server


You can manually select the desired information and export a metadata XML file.

This type of export is useful for the following situations:

  • You have not yet created a SAML browser single sign-on (SSO) connection to the partner but would like to help your partner with its configuration by including selected information in a metadata XML file.
  • You want to export a SAML metadata with selected information, which can be passed to multiple partners to expedite their configurations.

  1. Go to System > Protocol Metadata > Metadata Export.
  2. On the Metadata Role tab, select the applicable role.
  3. On the Metadata Mode tab, select the Select information to include in metadata manually option.

    If the secondary HTTPS port is configured and you want to use it for the SOAP channel, select the Use the secondary port for SOAP channel check box.

    Note:

    If certificate-based authentication is configured for the SOAP channel, you must configure the pf.secondary.https.port property in the <pf_install>/pingfederate/bin/run.properties file and select this check box.

  4. On the Protocol tab, select the desired version of the SAML protocol from the list.
  5. On the Virtual Host Name tab, select the applicable virtual host name from the list.

    Shown and applicable only if PingFederate is configured with one or more virtual server host names.

    If a selection is made, PingFederate uses that virtual host name when generating the metadata file. If left blank, PingFederate uses its base URL in the metadata file. If you decide to update one or more virtual host names at a later time, re-export the connection metadata for your partners.

  6. Optional: On the Attribute Contract tab, you can perform the following actions.
    Action   Description
    Add      Add an attribute contract by entering the contract's name and clicking Add.
    Edit     Modify an existing attribute contract by clicking Edit. To save your change, click Update. To cancel your change, click Cancel.
    Delete   Delete an existing attribute contract by clicking Delete.
  7. Optional: On the Signing Key tab, if you want to include a public key that this system uses for digital signatures, select an available key from the Digital Signature Keys/Certs list.

    If you have not yet created or imported a digital signature key to PingFederate, click Manage Certificates and use the Digital Signature Settings wizard to complete the task.

  8. Optional: On the Metadata Signing tab, select a certificate to use for signing the metadata XML file.
    1. Select a certificate from the Signing Certificate list.

      If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.

    2. Optional: Select the related check boxes to include the public key information and the raw key in the signed XML file.
    3. Select a signing algorithm from the list.

      The default selection is RSA SHA256 or ECDSA SHA256, depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm.

  9. Optional: On the XML Encryption Certificate tab, select the certificate that your partner can use to encrypt XML content.

    Applicable only when you have selected SAML 2.0 on the Protocol tab.

    If you have not created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.

  10. On the Export & Summary tab, click Export to save the metadata XML file, then click Done.
  11. Pass the metadata XML file to your partner or partners.
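Before passing the exported file on, it is worth confirming that it actually carries what steps 7 to 9 were meant to include (a signing key, a metadata signature with the agreed algorithm, and, for SAML 2.0, an XML encryption certificate). The following added example, which is not part of the PingFederate documentation or product, parses a constructed metadata sample with Python's standard library and reports anything missing; the entity ID and certificate values are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of the kind of IdP metadata the wizard exports (placeholder certs, not real keys).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  </ds:SignedInfo></ds:Signature>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER_SIGNING_CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER_ENCRYPTION_CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_metadata(xml_text):
    """Return entity ID, metadata signature algorithm (None if unsigned), key counts per use, protocols."""
    root = ET.fromstring(xml_text)
    info = {"entity_id": root.get("entityID"), "signature_alg": None,
            "signing_keys": 0, "encryption_keys": 0, "protocols": []}
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is not None:
        info["signature_alg"] = method.get("Algorithm")
    for role in root.findall("md:IDPSSODescriptor", NS) + root.findall("md:SPSSODescriptor", NS):
        info["protocols"].append(role.get("protocolSupportEnumeration"))
        for kd in role.findall("md:KeyDescriptor", NS):
            use = kd.get("use")  # no 'use' attribute means both uses, per the SAML metadata spec
            info["signing_keys"] += use in (None, "signing")
            info["encryption_keys"] += use in (None, "encryption")
    return info


def check_metadata(xml_text):
    """Findings a reviewer would raise before handing the exported file to a partner."""
    info = summarize_metadata(xml_text)
    findings = []
    if info["signature_alg"] is None:
        findings.append("metadata is not signed (Metadata Signing tab skipped)")
    elif "sha1" in info["signature_alg"]:
        findings.append("metadata signed with SHA-1; prefer RSA/ECDSA SHA256 or stronger")
    if info["signing_keys"] == 0:
        findings.append("no signing key included (Signing Key tab skipped)")
    if any("SAML:2.0" in p for p in info["protocols"]) and info["encryption_keys"] == 0:
        findings.append("SAML 2.0 role without an XML encryption certificate")
    return findings
```

Run `check_metadata` against the file saved in step 10; an empty list means every item selected in the wizard is present in the export.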