You can manually select the desired information and export a metadata XML file.
This type of export is useful for the following situations:
- You have not yet created a SAML browser single sign-on (SSO) connection to the partner but would like to help your partner with its configuration by including selected information in a metadata XML file.
- You want to export a SAML metadata with selected information, which can be passed to multiple partners to expedite their configurations.
- Go to .
- On the Metadata Role tab, select the applicable role.
On the Metadata Mode tab, select the Select
information to include in metadata manually option.
If the secondary HTTPS port is configured and you want to use it for the SOAP channel, select the Use the secondary port for SOAP channel check box.Note:
If certificate-based authentication is configured for the SOAP channel, you must configure the pf.secondary.https.port property in the <pf_install>/pingfederate/bin/run.properties file and select this check box.
- On the Protocol tab, select the desired version of the SAML protocol from the list.
On the Virtual Host Name tab, select the applicable virtual
host name from the list.
This tab is shown and applicable only if PingFederate is configured with one of more virtual server host names.
If a selection is made, PingFederate use that virtual host name when generating the metadata file. If left blank, PingFederate uses its base URL in the metadata file. If you decide to update one or more virtual host names at a later time, re-export the connection metadata for your partners.
On the Attribute Contract tab, you can perform the following
Add an attribute contract by entering the contract's name and clicking Add.
Modify an existing attribute contract by clicking Edit. To save your change, click Update. To cancel your change, click Cancel.
Delete an existing attribute contract by clicking Delete.
On the Signing Key tab, do the following:
If you want to include a public key that this system uses for digital
signatures, select a key from the Digital Signature
If you have not yet created or imported a digital signature key to PingFederate, click Manage Certificates and use the Digital Signature Settings wizard to complete the task.
If you want to give partners an alternative key, select another key from the
Secondary Digital Signature Keys/Certs list.
You can't configure a secondary signing certificate if the primary certificate has certificate rotation enabled. You also can't use a certificate that has rotation enabled as the secondary signing certificate.
- Optional: If you want to include a public key that this system uses for digital signatures, select a key from the Digital Signature Keys/Certs list.
On the Metadata Signing tab, select a certificate to use for
signing the metadata XML file.
Select a certificate from the Signing Certificate
If you have not yet created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.
- Optional: Select the related check boxes to include the public key information and the raw key in the signed XML file.
Select a signing algorithm from the list.
The default selection is RSA SHA256 or ECDSA SHA256, depending on the key algorithm of the chosen signing certificate. Make a different selection if you and your connection partner have agreed to use a stronger algorithm. For a list of the available signing algorithms and their URIs, see Signing algorithms.
- Select a certificate from the Signing Certificate list.
On the XML Encryption Certificate tab, select the
certificate that your partner can use to encrypt XML content.
Applicable only when you have selected SAML 2.0 on the Protocol tab.
If you have not created or imported your certificate into PingFederate, click Manage Certificates and use the Certificate Management configuration wizard to complete the task.
- On the Export & Summary tab, click Export to save the metadata XML file, then click Done.
- Pass the metadata XML file to your partner or partners.