You can obtain metadata for SAML 2.0 providers. However, SAML 2.0 metadata might not be available for some service providers, and in that case you must enter the metadata manually.
NOTE: You can obtain metadata for SAML 2.0 providers either from the service provider or from the pre-built catalog connector configuration. See Custom Connectors in the Access Manager Appliance 5.0 Applications Configuration Guide.
You must select the Manual Entry option when you create a trusted provider to be able to enter the metadata manually.
1. Click Devices > Identity Servers > Edit > SAML 2.0 > [Service Provider] > Metadata.
   You can reimport the metadata (see Step 2) or edit it (see Step 3).
2. To reimport the metadata, click Reimport on the View page, then follow the on-screen instructions to complete the wizard.
3. To edit the metadata manually, click Edit and specify the following details:
   Provider ID: (Required) Specifies the SAML 2.0 metadata unique identifier for the provider. For example, https://<dns>:8443/nidp/saml2/metadata. Replace <dns> with the DNS name of the provider.
   In the metadata, this is the entityID value.
   Metadata expiration: Specifies the date after which the metadata is no longer valid.
   Want assertion to be signed: Specifies that authentication assertions from the trusted provider must be signed.
   Artifact consumer URL: Specifies where the partner receives incoming SAML artifacts. For example, https://<dns>:8443/nidp/saml2/spassertion_consumer. Replace <dns> with the DNS name of the provider.
   In the metadata, this URL is the Location value of the AssertionConsumerService element for the HTTP-Artifact binding.
   Post consumer URL: Specifies where the partner receives incoming SAML POST data. For example, https://<dns>:8443/nidp/saml2/spassertion_consumer. Replace <dns> with the DNS name of the provider.
   In the metadata, this URL is the Location value of the AssertionConsumerService element for the HTTP-POST binding.
   Service Provider: Specifies the public key certificate used to sign SAML data. You can browse to locate the service provider certificate.
4. Click Finish.
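The fields the manual-entry wizard asks for all map to specific attributes and elements of a standard SAML 2.0 SPSSODescriptor. The following added example (not part of this guide or the Access Manager product) parses a service provider's metadata document and extracts those fields, so you can check what you are about to type into the wizard against what the partner actually published. The metadata document is constructed for illustration: sp.example.com is a placeholder host, and the certificate body is a placeholder string, not a real key.

```python
"""Extract the Access Manager manual-entry fields from SAML 2.0 SP metadata.

Field mapping (all assumptions based on the SAML 2.0 metadata schema):
  Provider ID             -> EntityDescriptor/@entityID
  Metadata expiration     -> EntityDescriptor/@validUntil
  Want assertion signed   -> SPSSODescriptor/@WantAssertionsSigned
  Artifact consumer URL   -> AssertionConsumerService[@Binding=HTTP-Artifact]/@Location
  Post consumer URL       -> AssertionConsumerService[@Binding=HTTP-POST]/@Location
  Service Provider cert   -> KeyDescriptor[@use='signing']//ds:X509Certificate
"""
from datetime import datetime, timezone
from typing import Optional
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BINDING_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; sp.example.com and the certificate are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.com:8443/nidp/saml2/metadata"
    validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...PLACEHOLDER...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.com:8443/nidp/saml2/spassertion_consumer"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com:8443/nidp/saml2/spassertion_consumer"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text: str) -> dict:
    """Return the manual-entry fields found in SP metadata.

    Raises ValueError when entityID (the one field the wizard marks as
    required) or the SPSSODescriptor is missing.
    """
    # Metadata obtained from a partner should be parsed as untrusted XML;
    # the stdlib parser is used here only because the input is our own sample.
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID (Provider ID is required)")

    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")

    # One Location per binding; the same URL may serve several bindings.
    acs = {svc.get("Binding"): svc.get("Location")
           for svc in sp.findall("md:AssertionConsumerService", NS)}

    cert = None
    for kd in sp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use") in (None, "signing"):
            node = kd.find(".//ds:X509Certificate", NS)
            if node is not None and node.text:
                cert = "".join(node.text.split())  # strip PEM line wrapping
                break

    expires = None
    valid_until = root.get("validUntil")
    if valid_until:
        expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))

    return {
        "provider_id": entity_id,
        "metadata_expiration": expires,
        "want_assertions_signed": sp.get("WantAssertionsSigned", "false").lower() == "true",
        "artifact_consumer_url": acs.get(BINDING_ARTIFACT),
        "post_consumer_url": acs.get(BINDING_POST),
        "signing_certificate": cert,
    }


def metadata_is_current(fields: dict, now: Optional[datetime] = None) -> bool:
    """False once validUntil has passed; True when unset or still in the future."""
    now = now or datetime.now(timezone.utc)
    exp = fields["metadata_expiration"]
    return exp is None or exp > now


if __name__ == "__main__":
    fields = parse_sp_metadata(SAMPLE_METADATA)
    for name, value in fields.items():
        print(f"{name}: {value}")
    print("metadata current:", metadata_is_current(fields))
```

Compare the printed values with the wizard fields before you click Finish: a Provider ID that differs from the published entityID, or an expired validUntil, will make the trust relationship fail at runtime rather than at configuration time.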