Use the POST /connectionMetadata/export endpoint to export connection SAML metadata to a JSON file that can be given to a partner.

Status codes

| Code | Reason |
|------|--------|
| 200 | Connection SAML metadata exported. |
| 400 | The request was improperly formatted or contained invalid fields. |
| 403 | PingFederate does not have the appropriate IdP/SP role enabled. Operation not available. |
| 422 | Validation error(s) occurred. |

ExportMetadataRequest - The request for exporting a SAML connection’s metadata file for a partner.

| Property | Type | Description |
|----------|------|-------------|
| connectionId * | string | The ID of the connection to export. |
| connectionType * | ConnectionType | The type of connection to export. |
| signingSettings | SigningSettings | The signing settings to sign the metadata with. If null, the metadata will not be signed. |
| useSecondaryPortForSoap | boolean | If PingFederate’s secondary SSL port is configured and you want to use it for the SOAP channel, set to true. If client-certificate authentication is configured for the SOAP channel, the secondary port is required and this must be set to true. |
| virtualHostName | string | The virtual host name to be used as the base URL. |
| virtualServerId | string | The virtual server ID to export the metadata with. If null, the connection’s default will be used. |

SigningSettings - Settings related to signing messages sent to this partner.

| Property | Type | Description |
|----------|------|-------------|
| algorithm | string | The algorithm used to sign messages sent to this partner. The default is SHA1withDSA for DSA certs, SHA256withRSA for RSA certs, and SHA256withECDSA for EC certs. For RSA certs, SHA1withRSA, SHA384withRSA, and SHA512withRSA are also supported. For EC certs, SHA384withECDSA and SHA512withECDSA are also supported. If the connection is WS-Federation with JWT token type, then the possible values are RSA SHA256, RSA SHA384, RSA SHA512, ECDSA SHA256, ECDSA SHA384, ECDSA SHA512. |
| includeCertInSignature | boolean | Determines whether the signing certificate is included in the signature element. |
| includeRawKeyInSignature | boolean | Determines whether the element with the raw public key is included in the signature element. |
| signingKeyPairRef * | ResourceLink | The ID of the key pair used to sign messages sent to this partner. The ID of the key pair is also known as the alias and can be found by viewing the corresponding certificate under ‘Signing & Decryption Keys & Certificates’ in the PingFederate admin console. |

ResourceLink - A reference to a resource.

| Property | Type | Description |
|----------|------|-------------|
| id * | string | The ID of the resource. |
| location | string | A read-only URL that references the resource. If the resource is not currently URL-accessible, this property will be null. |
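
The following added example (not PingFederate's own code) builds the ExportMetadataRequest body in Python and checks the signing algorithm against the per-key-type values listed above, refusing SHA-1 variants unless the caller opts in. The function name, its parameters, the sample IDs and the `SP` connection type value are assumptions.

```python
import json

# Algorithm names per key type, as listed in the SigningSettings table above.
# The first entry in each list is the documented default for that key type.
SUPPORTED = {
    "RSA": ["SHA256withRSA", "SHA1withRSA", "SHA384withRSA", "SHA512withRSA"],
    "EC": ["SHA256withECDSA", "SHA384withECDSA", "SHA512withECDSA"],
    "DSA": ["SHA1withDSA"],
}


def build_export_request(connection_id, connection_type, key_pair_id=None,
                         key_type=None, algorithm=None, allow_sha1=False,
                         soap_client_cert_auth=False):
    """Return the ExportMetadataRequest body as a dict, or raise ValueError."""
    if not connection_id or not connection_type:
        raise ValueError("connectionId and connectionType are required")
    body = {"connectionId": connection_id, "connectionType": connection_type}
    if soap_client_cert_auth:
        # Client-certificate auth on the SOAP channel requires the secondary port.
        body["useSecondaryPortForSoap"] = True
    if key_pair_id is None:
        return body  # no signingSettings: the metadata is exported unsigned
    if key_type not in SUPPORTED:
        raise ValueError(f"unknown key type: {key_type!r}")
    algorithm = algorithm or SUPPORTED[key_type][0]
    if algorithm not in SUPPORTED[key_type]:
        raise ValueError(f"{algorithm} is not supported for {key_type} keys")
    if algorithm.startswith("SHA1") and not allow_sha1:
        # The DSA default and SHA1withRSA both rely on SHA-1; require an opt-in.
        raise ValueError(f"{algorithm} uses SHA-1; use another key or opt in")
    body["signingSettings"] = {
        "signingKeyPairRef": {"id": key_pair_id},  # ResourceLink: key pair alias
        "algorithm": algorithm,
        "includeCertInSignature": True,
    }
    return body


if __name__ == "__main__":
    # Constructed sample values; "SP" as a ConnectionType value is an assumption.
    request = build_export_request("partner-sp-1", "SP", "signkey1", "RSA")
    print(json.dumps(request, indent=2))
```

The returned dict is the JSON body for POST /connectionMetadata/export; a DSA key pair always hits the SHA-1 check here because SHA1withDSA is the only DSA algorithm the table lists.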