Editing a SAML 1.1 Service Provider’s Metadata

Access Manager can obtain metadata for SAML 1.1 providers. However, some trusted providers might not make SAML 1.1 metadata available, in which case you can enter the metadata manually. The manual entry page is available if you clicked the Manual Entry option when you created the trusted provider.

For conceptual information about how Access Manager uses SAML, see Section 5.11.1, Understanding How Access Manager Uses SAML.

  1. Click Devices > Identity Servers > Edit > SAML 1.1 > [Service Provider] > Metadata.

    You can reimport the metadata (see Step 2) or edit it (see Step 3).

  2. To reimport the metadata, click Reimport on the View page.

    Follow the on-screen instructions to complete the steps in the wizard.

  3. To edit the metadata manually, click Edit.

  4. Fill in the following fields:

    Supported Version: Specifies which version of SAML you want to use. You can select SAML 1.0, SAML 1.1, or both SAML 1.0 and SAML 1.1.

    Provider ID: (Required) Specifies the SAML 1.1 metadata unique identifier for the provider. For example, https://<dns>:8443/nidp/saml/metadata. Replace <dns> with the DNS name of the provider.

    In the metadata, this is the entityID value.

    Metadata expiration: Specifies the date upon which the metadata is no longer valid.

    Want assertion to be signed: Specifies that authentication assertions from the trusted provider must be signed.

    Artifact consumer URL: Specifies where the partner receives incoming SAML artifacts. For example, https://<dns>:8443/nidp/saml/spassertion_consumer. Replace <dns> with the DNS name of the provider.

    In the metadata, this URL value is found in the AssertionConsumerService section.

    Post consumer URL: Specifies where the partner receives incoming SAML POST data. For example, https://<dns>:8443/nidp/saml/spassertion_consumer. Replace <dns> with the DNS name of the provider.

    In the metadata, this URL value is found in the AssertionConsumerService section.

    Service Provider: Specifies the public key certificate used to sign SAML data. You can browse to locate the service provider certificate.

  5. Click Finish.
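When the partner supplies a metadata file that cannot be imported, the values for Step 4 can be read out of it before you type them in. The following is an added example, not part of Access Manager or its documentation: it assumes the file follows the OASIS metadata profile for SAML V1.x, and the function name form_fields, the host sp.example.com and the certificate value are placeholders. It goes slightly beyond the field mapping by also flagging missing values, consumer URLs that are not HTTPS, and metadata that has already expired.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Binding and protocol URIs defined by the OASIS metadata profile for SAML V1.x
ARTIFACT = "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
POST = "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
VERSIONS = {f"urn:oasis:names:tc:SAML:{v}:protocol": f"SAML {v}" for v in ("1.0", "1.1")}

# Constructed sample: sp.example.com and the certificate value are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.com:8443/nidp/saml/metadata" validUntil="2031-01-01T00:00:00Z">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      PLACEHOLDER_BASE64_CERTIFICATE</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Binding="{ARTIFACT}"
        Location="https://sp.example.com:8443/nidp/saml/spassertion_consumer"/>
    <md:AssertionConsumerService index="1" Binding="{POST}"
        Location="http://sp.example.com:8443/nidp/saml/spassertion_consumer"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def form_fields(xml_text, now=None):
    """Map SP metadata XML to the manual-entry fields; return (fields, warnings)."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    acs = {e.get("Binding"): e.get("Location")
           for e in sp.findall("md:AssertionConsumerService", NS)}
    cert = sp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    protocols = sp.get("protocolSupportEnumeration", "").split()
    fields = {
        "Supported Version": sorted(VERSIONS[p] for p in protocols if p in VERSIONS),
        "Provider ID": root.get("entityID"),
        "Metadata expiration": root.get("validUntil"),
        "Want assertion to be signed": sp.get("WantAssertionsSigned") in ("true", "1"),
        "Artifact consumer URL": acs.get(ARTIFACT),
        "Post consumer URL": acs.get(POST),
        "Service Provider certificate": cert.text.strip() if cert is not None else None,
    }
    warnings = [f"{k}: missing" for k, v in fields.items() if v is None or v == []]
    for name in ("Artifact consumer URL", "Post consumer URL"):
        if fields[name] and not fields[name].startswith("https://"):
            warnings.append(f"{name}: not HTTPS")
    exp = fields["Metadata expiration"]
    if exp and datetime.fromisoformat(exp.replace("Z", "+00:00")) <= (now or datetime.now(timezone.utc)):
        warnings.append("Metadata expiration: already past")
    return fields, warnings
```

Calling form_fields(SAMPLE) returns the values keyed by the field names used in Step 4, plus a list of warnings to resolve with the partner before clicking Finish.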