Use the Generated Artifacts
The automation scripts for the PingFederate configuration generate artifacts corresponding to the configured PingFederate installation. They are dependent on partner applications in an SSO setup such as ThingWorx, or Windchill, or any other IDP that is configured, for example, ADFS or Generic SAML 2.0.
The automation scripts generate the following artifacts in the <PINGFEDERATE_SCRIPT_HOME>/output directory:
• pingfed_idp_metadata.xml—A SAML 2.0 metadata file represents PingFederate as an IdP and is required for the SAML SSO configuration of service providers. For information about using this metadata file in a PTC product configuration, see the following:
• pingfed_signing_certificate.crt—A SAML 2.0 signing certificate associated with PingFederate as an IdP and is required for the SAML SSO configuration of service providers. You must import this application layer certificate into the SSO KeyStore of each service provider, so that the incoming SAML assertion signatures are inspected to have been signed by PingFederate as the IdP. For information about using this signing certificate in a PTC product configuration, see the following:
• pingfed_ssl_server_certificate.crt—A transport layer (SSL or HTTPS) certificate associated with the PingFederate runtime server with PingFederate as the IdP and the authorization server. This certificate must be trusted by all partner applications, both service providers (for example, ThingWorx) and resource servers (for example, Windchill or Windchill RV&S), in an SSO setup. If this SSL certificate is not signed by a trusted authority, you must add it to the trust store of partner applications expecting to make HTTPS connections with PingFederate (for example, JVM cacerts).
• pingfed_sp_metadata.xml—A SAML 2.0 metadata file that represents PingFederate as a Service Provider for SAML 2.0 integration with remote IdP partner (ADFS or Generic SAML 2.0).