Metadata

If you change the base URL of the Identity Server, all service providers, including Embedded Service Providers, need to be updated so that they use the new metadata:

Embedded Service Provider Metadata

If you change the base URL of the Identity Provider, all Access Manager devices that have an Embedded Service Provider need to be updated so that new metadata is imported. To force a re-import of the metadata, you need to configure the device so it does not have a trusted relationship with Identity Server, update the device, reconfigure the device for a trusted relationship, then update the device. The following steps explain how to force Access Gateway to re-import the metadata of Identity Server.

  1. Click Devices > Access Gateways > Edit > Reverse Proxies/Authentication.

  2. Select None for the Identity Server Cluster option, click OK twice, then update Access Gateway.

  3. Click Edit > Reverse Proxies/Authentication.

  4. Select an Identity Server configuration for the Identity Server Cluster option, click OK > OK, and update Access Gateway.

Service Provider Metadata

If you have set up federation with another provider over the Liberty, SAML 1.1, SAML 2.0, or WS Federation protocol and you change the base URL of Identity Server, you need to update the provider with the new metadata to reestablish the trusted relationship. If the provider is another Identity Server, follow the procedure below to update the metadata; otherwise, follow the provider’s procedures.

  1. Click Devices > Identity Servers > Edit > [Protocol] > [Provider] > Metadata.

  2. Click Reimport.

  3. Follow the steps in the wizard.

    For more information, see Section 2.8.7, Managing Metadata.
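
A check an administrator could run after either re-import procedure above, as an added example that is not part of the original documentation: it parses a SAML 2.0 metadata document and lists every entityID, Location, or ResponseLocation that does not sit under the new base URL. The host names, paths, and the `stale_urls` helper are hypothetical, the sample metadata is constructed, and the check assumes the entityID is derived from the base URL.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: metadata still held by a provider after the base URL
# moved from idp-old.example.com to idp.example.com (hypothetical hosts/paths).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com:8443/base/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp-old.example.com:8443/base/saml2/slo"
        ResponseLocation="https://idp-old.example.com:8443/base/saml2/slo_return"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com:8443/base/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def stale_urls(metadata_xml, base_url):
    """Return (element, attribute, value) for each URL outside base_url."""
    base = base_url.rstrip("/")
    # Compare against "base/" so a look-alike such as ".../base2" is not accepted.
    prefix = base + "/"
    # Parse only metadata exported from your own consoles; for documents from
    # untrusted sources use a hardened parser such as defusedxml.
    root = ET.fromstring(metadata_xml)
    findings = []
    for elem in root.iter():
        if not elem.tag.startswith("{" + MD_NS + "}"):
            continue  # skip extension elements from other namespaces
        local_name = elem.tag.split("}", 1)[1]
        for attr in ("entityID", "Location", "ResponseLocation"):
            value = elem.get(attr)
            if value is None:
                continue
            if value != base and not value.startswith(prefix):
                findings.append((local_name, attr, value))
    return findings


if __name__ == "__main__":
    for name, attr, value in stale_urls(SAMPLE_METADATA, "https://idp.example.com:8443/base"):
        print(f"stale {name}/@{attr}: {value}")
```

An empty result means every endpoint in the document is under the new base URL; any finding means that copy of the metadata still needs to be re-imported.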