Configuring metadata signing - PingFederate - 11.1

Configure metadata signing using the PingFederate administrative console.

PingFederate generates publicly available metadata for partners through the federation metadata endpoint, /pf/federation_metadata.ping. Although optional, signing the metadata is recommended so that partners can verify the authenticity of the metadata.

  1. Go to System > Protocol Metadata.
  2. In the Metadata Settings window, on the Metadata Signing tab, select a certificate from the Signing Certificate list.

    If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.

  3. Optional: Select a signing algorithm from the list.

    The default selection is RSA SHA256 or ECDSA SHA256 depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm.

    The public key of the metadata signing certificate is included as part of the metadata.

  4. Click Next.
    Tip:

    When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.