Configure metadata signing using the PingFederate administrative console.
PingFederate generates publicly available metadata for partners through the federation metadata endpoint, /pf/federation_metadata.ping. Although optional, signing the metadata is recommended so that partners can verify the authenticity of the metadata.
- Go to .
In the Metadata Settings window, on the Metadata Signing tab, select a certificate from the Signing
If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.
Select a signing algorithm from the list.
The default selection is RSA SHA256 or ECDSA SHA256 depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm. The following table shows the URIs of the supported algorithms. For a list of the available signing algorithms and their URIs, see Signing algorithms.
The public key of the metadata signing certificate is included as part of the metadata.
When editing an existing configuration, you can also click Save as soon as the administrative console offers the opportunity to do so.
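Because the signing certificate travels inside the metadata itself, a partner consuming the file should compare that embedded certificate with a fingerprint received out of band and confirm the signature algorithm is the one agreed on. The following added example (not PingFederate code) sketches those two pre-checks; the allow-list policy, the function names and the sample metadata are assumptions made for illustration, and the script does not verify the signature value itself, which requires an XML-DSig library.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumed partner policy: RSA or ECDSA with SHA-256 or stronger (W3C XML-DSig URIs).
ALLOWED = {
    f"http://www.w3.org/2001/04/xmldsig-more#{key}-{digest}"
    for key in ("rsa", "ecdsa") for digest in ("sha256", "sha384", "sha512")
}

def check_metadata(xml_bytes, pinned_sha256):
    """Return a list of problems; an empty list means the pre-checks passed."""
    if b"<!DOCTYPE" in xml_bytes:
        return ["DOCTYPE present: refusing to parse"]
    root = ET.fromstring(xml_bytes)
    sig = root.find(f"{DS}Signature")  # enveloped signature is a direct child
    if sig is None:
        return ["metadata is unsigned"]
    problems = []
    method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
    alg = method.get("Algorithm") if method is not None else None
    if alg not in ALLOWED:
        problems.append(f"signature algorithm not allowed: {alg}")
    cert = sig.find(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate")
    if cert is None or not (cert.text or "").strip():
        problems.append("no embedded signing certificate")
    else:
        der = base64.b64decode("".join(cert.text.split()))
        if hashlib.sha256(der).hexdigest() != pinned_sha256.lower().replace(":", ""):
            problems.append("embedded certificate does not match pinned fingerprint")
    return problems

def sample(alg, cert_bytes, signed=True):
    """Constructed metadata skeleton; cert_bytes are placeholder bytes, not a real certificate."""
    sig = (
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo>'
        '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        f'{base64.b64encode(cert_bytes).decode()}'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
    ) if signed else ""
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            f'entityID="https://idp.example.com">{sig}</md:EntityDescriptor>').encode()
```

In production, run these checks alongside full signature validation with a maintained XML-DSig implementation, and reject the metadata if any check fails.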