- Sign on to the PingFederate administrative console and go to System > Protocol Metadata > Metadata Export.
-
On the Metadata Role tab, select I am the
Identity Provider (IdP), and then click
Next.
-
On the Metadata Mode tab, select Select
Information to Include in Metadata Manually, and then click
Next.
- On the Protocol tab, click Next until you reach the Signing Key tab, accepting the default values.
-
On the Signing Key tab, select an available signing key
from the Digital Signature Keys/Certs list, and then
click Next. If none are available, click
Manage Certificates to create a signing key, and then
follow the on-screen instructions.
Important:
Although you can use a self-signed certificate, a CA-signed certificate is recommended.
- Click Next until you reach the Export & Summary tab, accepting the default values on the Metadata Signing and XML Encryption Certificate tabs.
-
On the Export & Summary tab, click
Export and save the metadata.xml
file. You will upload this file to Palo Alto Networks NGFW in the next
step.