You can obtain metadata for most SAML 2.0 providers. However, some service providers do not publish SAML 2.0 metadata, and for these you must enter the metadata manually.
NOTE: You can obtain metadata for SAML 2.0 providers either from the service provider or from the pre-built catalog connector configuration. See Custom Connectors in the Access Manager Appliance CE 24.2 (v5.1) Applications Configuration Guide.
You must select the Manual Entry option when you create the trusted provider to be able to enter the metadata manually.
On the Home page, click Applications > Select a Cluster > [SAML2 SP application] > Metadata.
You can either reimport the metadata or edit it manually; both are described in the following steps.
To reimport the metadata, click Reimport metadata.
Follow the on-screen instructions to complete the wizard.
To edit the metadata manually, click Edit Metadata.
Specify the following details:
Provider ID: (Required) Specifies the SAML 2.0 metadata unique identifier for the provider. For example, https://<dns>:8443/nidp/saml2/metadata. Replace <dns> with the DNS name of the provider.
In the metadata, this is the entityID value.
Metadata Expiration: Specifies the date after which the metadata is no longer valid. In standard SAML 2.0 metadata, this is the validUntil attribute. Access Manager stops trusting the provider after this date, so track it and reimport or edit the metadata before it expires.
Sign Assertion: Specifies that authentication assertions sent to this service provider must be signed. In standard SAML 2.0 metadata, this corresponds to the WantAssertionsSigned attribute of the SPSSODescriptor element.
Artifact Consumer URL: Specifies where the partner receives incoming SAML artifacts. For example, https://<dns>:8443/nidp/saml2/spassertion_consumer. Replace <dns> with the DNS name of the provider.
In the metadata, this is the Location attribute of the AssertionConsumerService element whose Binding is urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact.
Post Consumer URL: Specifies where the partner receives incoming SAML POST data. For example, https://<dns>:8443/nidp/saml2/spassertion_consumer. Replace <dns> with the DNS name of the provider.
In the metadata, this is the Location attribute of the AssertionConsumerService element whose Binding is urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST. Both consumer URLs should use HTTPS, because this is where assertions containing user identity are delivered.
Signing Certificates: Specifies the public key certificate the service provider uses to sign SAML data, which Access Manager uses to verify those signatures. You can browse to locate the service provider certificate. In the metadata, this is the X509Certificate value inside the KeyDescriptor element with use="signing" (a KeyDescriptor with no use attribute covers both signing and encryption).
Click Save.
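When a partner sends a metadata file but the import fails or the file cannot be used as-is, the values for the Edit Metadata form still have to be read out of it by hand. The following script is an added example and not Access Manager code: it parses a service provider's SAML 2.0 metadata with the Python standard library and prints the Provider ID, Metadata Expiration, Sign Assertion, Artifact and Post Consumer URLs, and the signing certificate as a PEM file ready for the form's file picker. It also flags expired metadata and non-HTTPS consumer URLs. The embedded metadata, the host sp.example.com and the certificate bytes are constructed placeholders.

```python
"""Extract the values the SAML2 SP 'Edit Metadata' form asks for from SP metadata.

Added example (not part of Access Manager). The sample metadata, host and
certificate below are constructed placeholders, not a real partner's file.
"""
import base64
import datetime as dt
import textwrap
from typing import Optional
import xml.etree.ElementTree as ET  # for untrusted partner files prefer defusedxml.ElementTree

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
MD_ENTITY = "{%s}EntityDescriptor" % NS["md"]
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

# Base64 of placeholder bytes: NOT a real X.509 certificate.
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate" * 3).decode()

# Constructed sample SP metadata for a hypothetical host sp.example.com.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.com:8443/nidp/saml2/metadata"
    validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {FAKE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="{BINDING_ARTIFACT}" index="0"
        Location="https://sp.example.com:8443/nidp/saml2/spassertion_consumer"/>
    <md:AssertionConsumerService Binding="{BINDING_POST}" index="1" isDefault="true"
        Location="https://sp.example.com:8443/nidp/saml2/spassertion_consumer"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def to_pem(b64_text: str) -> str:
    """Re-wrap the base64 from <ds:X509Certificate> as a PEM block the form's file picker accepts."""
    body = "".join(b64_text.split())  # metadata files scatter whitespace through the value
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(body, 64)) + "\n-----END CERTIFICATE-----\n"


def parse_saml_datetime(value: str) -> dt.datetime:
    """SAML dateTime values are UTC and end in 'Z'; return a timezone-aware datetime."""
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_sp_form_values(metadata_xml: str, now: Optional[dt.datetime] = None) -> dict:
    root = ET.fromstring(metadata_xml)
    if root.tag != MD_ENTITY:
        raise ValueError("expected a single md:EntityDescriptor (EntitiesDescriptor bundles are not handled)")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service provider metadata")

    # One consumer URL per binding; if several are listed keep the first one.
    acs = {}
    for svc in sp.findall("md:AssertionConsumerService", NS):
        acs.setdefault(svc.get("Binding"), svc.get("Location"))

    # A KeyDescriptor without 'use' serves both signing and encryption, so take it too.
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append(to_pem(cert.text or ""))

    # validUntil may sit on the EntityDescriptor or on the role descriptor; the earliest wins.
    now = now or dt.datetime.now(dt.timezone.utc)
    dates = [parse_saml_datetime(v) for v in (root.get("validUntil"), sp.get("validUntil")) if v]
    expiration = min(dates) if dates else None

    warnings = []
    if expiration is not None and expiration <= now:
        warnings.append("metadata has expired (validUntil=%s)" % expiration.isoformat())
    for binding, location in acs.items():
        if location and not location.startswith("https://"):
            warnings.append("consumer URL for %s is not HTTPS: %s" % (binding, location))
    if not certs:
        warnings.append("no signing certificate: signatures from this SP cannot be verified")

    return {
        "provider_id": root.get("entityID"),
        "metadata_expiration": expiration.isoformat() if expiration else None,
        "expired": expiration is not None and expiration <= now,
        # xs:boolean allows "true"/"1" as well as "false"/"0"
        "sign_assertion": sp.get("WantAssertionsSigned", "false").lower() in ("true", "1"),
        "artifact_consumer_url": acs.get(BINDING_ARTIFACT),
        "post_consumer_url": acs.get(BINDING_POST),
        "signing_certificates": certs,
        "warnings": warnings,
    }


if __name__ == "__main__":
    import json
    import sys
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SP_METADATA
    print(json.dumps(extract_sp_form_values(xml_text), indent=2))
```

Run it as `python3 sp_metadata_values.py partner-sp-metadata.xml` (file name assumed) and copy the printed values into the corresponding form fields; save each entry of signing_certificates to a .cer file for the Signing Certificates browse control. The script intentionally refuses identity provider metadata, because an IDPSSODescriptor has no AssertionConsumerService and pasting its values into the SP form would produce a broken trust relationship.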