• pingfed_idp_metadata.xml—A SAML 2.0 metadata file represents PingFederate as an IdP and is required for the SAML SSO configuration of service providers. For information about using this metadata file in a PTC product configuration, see the following:

◦ Add the IdP Metadata File in the ThingWorx Help Center.

◦ “Copying the Identity Provider Metadata File” in the Windchill RV&S Single Sign-On Configuration Guide.

• pingfed_signing_certificate.crt—A SAML 2.0 signing certificate associated with PingFederate as an IdP and is required for the SAML SSO configuration of service providers. You must import this application layer certificate into the SSO KeyStore of each service provider, so that the incoming SAML assertion signatures are inspected to have been signed by PingFederate as the IdP. For information about using this signing certificate in a PTC product configuration, see the following:

◦ Import Certificates to KeyStore File in the ThingWorx Help Center.

◦ “Importing the Identity Provider Signing Certificate” in the Windchill RV&S Single Sign-On Configuration Guide.

• pingfed_ssl_server_certificate.crt—A transport layer (SSL or HTTPS) certificate associated with the PingFederate runtime server with PingFederate as the IdP and the authorization server. This certificate must be trusted by all partner applications, both service providers (for example, ThingWorx) and resource servers (for example, Windchill or Windchill RV&S), in an SSO setup. If this SSL certificate is not signed by a trusted authority, you must add it to the trust store of partner applications expecting to make HTTPS connections with PingFederate (for example, JVM cacerts).

• pingfed_sp_metadata.xml—A SAML 2.0 metadata file that represents PingFederate as a Service Provider for SAML 2.0 integration with remote IdP partner (ADFS or Generic SAML 2.0).