Export SAML Metadata From an Application on the Identity Router

In order for a SAML service provider (SP) to trust a given identity provider (IdP), the two entities must exchange configuration information. SAML metadata provides a standard method for exchanging these details. You can export SAML metadata to an XML file from a configured SAML-enabled application on the identity router, and import that data to an SP. Exporting metadata from an IdP can streamline the SP configuration process and reduce the risk of error.

Before you begin

  • You must be a Super Admin for the Cloud Administration Console to perform this task.
  • Make sure that the specific metadata that you want to export from the identity router application is configured in the Cloud Administration Console. For example, verify that the application uses the correct certificate and that the IdP URL is not expected to change.

The following SAML metadata is included in the IdP export for a configured SAML application on the identity router:
  • IdP Entity ID
  • IdP URL
  • The public certificate that the SP uses to validate the signature on the SAML response (assertion)
  • Supported name identifier formats such as email, subject, or unspecified
  • IdP binding information

Procedure

  1. In the Cloud Administration Console, click Applications > My Applications.
  2. Find the SAML application configuration you want and select Export Metadata from the Edit drop-down list.
    The file is automatically saved in your Downloads folder. The file has a name similar to application_SAML2_Direct-IdP-metadata.xml.

After you finish

The metadata file is ready to be imported to the SAML configuration on the SP. You can send the file to the SP administrator through email, or perform the import yourself.