The procedure for establishing trust between providers begins with obtaining metadata for the trusted provider. If you are using the NetIQ Identity Server, protocol-specific metadata is available via a URL.
On the Home page, click Identity Servers > Servers > Edit > [Protocol].
For the protocol, select SAML 2.0.
Select one of the following actions:
New: Launches the Create Trusted Identity Provider Wizard or the Create Trusted Service Provider Wizard, depending on your selection. See one of the following for more information.
Delete: Allows you to delete the selected identity or service provider.
Enable: Enables the selected identity or service provider.
Disable: Disables the selected identity or service provider. When a provider is disabled, the server does not load the definition. The definition is not deleted, and at a future time, the provider can be enabled.
IMPORTANT: SAML 2.0 defines a single logout mechanism whereby the service provider sends a logout request to the trusted identity provider when a user logs out at that service provider.
NOTE: When adding Access Manager Appliance as an identity provider or service provider to other Access Manager providers, do not select the Metadata URL option. Access Manager Appliance exposes no non-secure port for the identity provider, so the metadata cannot be retrieved from that URL.
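The metadata obtained from the trusted provider's URL is what the trust relationship is built on: it names the provider (entityID), lists its single sign-on and single logout endpoints, and carries the certificate whose key will sign assertions. The following is an added example, not NetIQ code, that parses an identity provider's SAML 2.0 metadata and applies the checks an administrator would want before trusting it: the signing certificate matches a fingerprint pinned out of band, every endpoint is served over HTTPS, and a SingleLogoutService endpoint exists so that the logout request described above has somewhere to go. The metadata document, the hostname idp.example.com, the /nidp/saml2/... paths and the certificate bytes are all constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input
from dataclasses import dataclass, field

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder bytes standing in for a DER certificate; not a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()

# Constructed identity-provider metadata; hostname and paths are assumptions.
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://idp.example.com/nidp/saml2/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
          {SAMPLE_CERT_B64}
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.com/nidp/saml2/slo"/>
    <md:SingleLogoutService Binding="{POST}" Location="https://idp.example.com/nidp/saml2/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/nidp/saml2/sso"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.com/nidp/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


@dataclass
class IdpMetadata:
    entity_id: str
    want_authn_requests_signed: bool
    sso: dict = field(default_factory=dict)   # binding URI -> endpoint URL
    slo: dict = field(default_factory=dict)   # binding URI -> endpoint URL
    signing_certs: list = field(default_factory=list)  # base64 DER, whitespace removed


def parse_idp_metadata(xml_text: str) -> IdpMetadata:
    """Extract the trust-relevant fields from a SAML 2.0 EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata carries no IDPSSODescriptor; not an identity provider")
    md = IdpMetadata(
        entity_id=root.get("entityID", ""),
        want_authn_requests_signed=idp.get("WantAuthnRequestsSigned", "false").lower() == "true",
    )
    for svc in idp.findall("md:SingleSignOnService", NS):
        md.sso[svc.get("Binding")] = svc.get("Location")
    for svc in idp.findall("md:SingleLogoutService", NS):
        md.slo[svc.get("Binding")] = svc.get("Location")
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute is valid for both signing and encryption.
        if kd.get("use", "signing") == "signing":
            for cert in kd.findall(".//ds:X509Certificate", NS):
                md.signing_certs.append("".join((cert.text or "").split()))
    return md


def cert_fingerprint(cert_b64: str) -> str:
    """SHA-256 over the DER bytes: the value an administrator pins out of band."""
    return hashlib.sha256(base64.b64decode(cert_b64)).hexdigest()


def check_trust(md: IdpMetadata, pinned_fingerprint: str) -> list:
    """Return the reasons this metadata should not be trusted; an empty list means OK."""
    problems = []
    if not md.signing_certs:
        problems.append("no signing certificate: assertions cannot be verified")
    elif pinned_fingerprint.lower() not in {cert_fingerprint(c) for c in md.signing_certs}:
        problems.append("signing certificate fingerprint does not match the pinned value")
    if not md.sso:
        problems.append("no SingleSignOnService endpoint")
    if not md.slo:
        problems.append("no SingleLogoutService endpoint: single logout will not work")
    for name, table in (("SSO", md.sso), ("SLO", md.slo)):
        for binding, location in table.items():
            if not location.startswith("https://"):
                problems.append(f"{name} endpoint for {binding} is not https: {location}")
    return problems


if __name__ == "__main__":
    md = parse_idp_metadata(SAMPLE_METADATA)
    print("entityID:", md.entity_id)
    print("SSO endpoints:", md.sso)
    print("SLO endpoints:", md.slo)
    print("trust problems:", check_trust(md, cert_fingerprint(SAMPLE_CERT_B64)) or "none")
```

The fingerprint pin is the step that matters when metadata is fetched from a URL rather than imported from a file: whoever can answer that URL can substitute their own signing certificate, so the fingerprint must be confirmed with the provider's administrator through a separate channel before the trusted provider is enabled.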