SAML metadata URLs streamline the process of establishing and maintaining SAML connections. If your partner provides SAML metadata by URL, you can use the metadata URL for the following scenarios:

  • Creating a new SAML connection using the metadata URL and associating the metadata URL with the new connection
  • Enabling or disabling automatic updates from the associated metadata URL
  • Adding or updating the metadata URL associated with an existing SAML connection
  • Instantly updating an existing SAML connection using the metadata URL

You can quickly create connections with InCommon participants and update those connections automatically or manually as the participants update their metadata. You can do so securely because PingFederate commits changes to your connections only after validating the digital signatures of the signed metadata.

When PingFederate accesses a digitally signed metadata URL for the first time, it validates the digital signature and stores the metadata URL and its verification certificate if the signature is correct. When an existing metadata URL is accessed, PingFederate validates the digital signature using the stored certificate. If there is a digital signature error, PingFederate aborts the process and provides an error with a recommended course of action. You can bypass the signature verification process.
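The first-access and later-access checks described above follow a pin-on-first-use pattern. The sketch below is an added example, not PingFederate's code. `check_metadata`, `pins`, and the caller-supplied `verify_signature` are assumed names; XML signature validation is delegated to that callable, and `stand_in_verifier` performs no cryptography.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

class MetadataSignatureError(Exception):
    """Raised when a metadata update must be aborted."""

def embedded_cert(metadata_xml):
    """DER bytes of the certificate in the document's top-level ds:Signature."""
    # Use a hardened XML parser for untrusted input in real deployments.
    root = ET.fromstring(metadata_xml)
    node = root.find(f"{DS}Signature/{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate")
    if node is None or not (node.text or "").strip():
        raise MetadataSignatureError("metadata is unsigned or carries no certificate")
    return base64.b64decode("".join(node.text.split()))

def check_metadata(url, metadata_xml, pins, verify_signature):
    """Return 'pinned' on first access or 'verified' later; raise on any error.

    pins: dict mapping metadata URL -> stored certificate (DER bytes).
    verify_signature(xml, cert_der) -> bool is an assumed XML-DSig verifier
    supplied by the caller; it is not implemented here.
    """
    stored = pins.get(url)
    # After the first access the stored certificate is the only trust anchor;
    # whatever certificate the fetched document embeds is ignored.
    cert = stored if stored is not None else embedded_cert(metadata_xml)
    if not verify_signature(metadata_xml, cert):
        fp = hashlib.sha256(cert).hexdigest()[:16]
        raise MetadataSignatureError(f"signature check failed against cert {fp}")
    if stored is None:
        pins[url] = cert  # store only after the signature validated
        return "pinned"
    return "verified"

def sample_metadata(cert_bytes, entity_id="https://idp.example.org"):
    """Constructed sample document; cert_bytes are placeholder bytes, not a real cert."""
    b64 = base64.b64encode(cert_bytes).decode()
    return (f'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            f'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{entity_id}">'
            f"<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}"
            f"</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
            f"</EntityDescriptor>").encode()

def stand_in_verifier(xml, cert_der):
    """Test stand-in only: 'valid' means the document embeds cert_der. No cryptography."""
    return embedded_cert(xml) == cert_der
```

A document that embeds a different certificate fails on later accesses because the check runs against the stored certificate, and the stored pin is left unchanged.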