Constructing an alternative metadata exchange endpoint - PingFederate - 11.3

You can embed virtual server ID information into a security token service (STS) metadata exchange endpoint or a SAML and WS-Federation metadata exchange endpoint.

This process is useful when partners prefer to retrieve metadata by sending one query parameter, such as PartnerSpId or PartnerIdpId, instead of two query parameters, such as PartnerSpId or PartnerIdpId and vsid.

  1. Construct a JSON object containing a key-value pair of the virtual server ID by using the following format.
    {"vsid":"<VirtualServerIdValue>"}

    For example, if the virtual server ID is Engineering, the JSON object is {"vsid":"Engineering"}.

  2. Base64url-encode the JSON object.

    For example, if the JSON object is {"vsid":"Engineering"}, the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ.

    For more information about base64url, see tools.ietf.org/html/rfc4648.

  3. Insert the base64url-encoded value, prefixed with a forward slash, into the metadata exchange endpoints as follows:

    Federation metadata endpoint (/pf/federation_metadata.ping): between /pf and /federation_metadata.ping.
    STS metadata endpoint (/pf/sts_mex.ping): between /pf and /sts_mex.ping.

    For example, if the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ, the metadata exchange endpoints with the embedded virtual server ID are:

    Federation metadata endpoint
    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping?PartnerSpId=sp.example.org

    STS metadata endpoint
    /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping

    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping?PartnerSpId=sp.example.org