pingfederate

Do we have to keep control on connection metadata?


When we create the SP connection / IDP connection, we can export the connection metadata.

How important is this connection metadata? Is it confidential and not to be shared with anyone, as the certificate-related information is present in it? Do we have to keep control on it?


Solution

  • SAML 2.0 metadata only includes public keys of certificates, not the private ones, so that shouldn't be an issue. The latest version(s) of PingFederate even allow the usage of a URL for metadata, from where the actual details are pulled, which is also common practice with other solutions, so it's not really that confidential.
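
A pre-sharing check on an exported metadata file, as an added example that is not part of the original answer or of PingFederate's tooling: it lists the certificate fingerprints and endpoint URLs the file discloses and flags PEM private-key headers, which should never appear in metadata. The sample XML, the `sp.example.test` names and the placeholder certificate bytes are constructed, and a single `EntityDescriptor` root is assumed.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# PEM headers that would mean private key material leaked into the export.
PRIVATE_MARKERS = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
FAKE_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-bytes"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(FAKE_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def audit_metadata(xml_text):
    """Summarise what an exported metadata file discloses before it is shared."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs to avoid entity-expansion input
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    keys = []
    for role in root:  # role descriptors, e.g. SPSSODescriptor / IDPSSODescriptor
        for kd in role.findall("md:KeyDescriptor", NS):
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                keys.append({"role": role.tag.split("}")[1],
                             "use": kd.get("use", "signing+encryption"),
                             "sha256": hashlib.sha256(der).hexdigest()})
    endpoints = sorted({e.get("Location") for e in root.iter() if e.get("Location")})
    return {"entity_id": root.get("entityID"), "keys": keys, "endpoints": endpoints,
            "private_key_material": bool(PRIVATE_MARKERS.search(xml_text))}

if __name__ == "__main__":
    print(audit_metadata(SAMPLE_METADATA))
```

The fingerprints it prints can be compared out of band with the partner, since the integrity of the metadata matters even though its contents are public.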