The Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 specification defines a format for exchanging SAML configuration information. This exchange occurs out-of-band (e.g., by downloading from web sites or by email) between partner organizations as part of establishing a single sign-on environment. The use of SAML metadata is entirely optional. Information, including endpoint URLs, etc., may be exchanged in any manner convenient to the partner organizations.
Importing SAML Metadata
The included ImportMetadata application imports a SAML metadata file into the high-level API SAML configuration (saml.config).
The file contains the SAML entities descriptor or entity descriptor metadata to be imported into saml.config.
For example, the following imports IdP metadata into saml.config:
ImportMetadata.exe idp-metadata.xml
The saml.config file, if any, is assumed to be in the current directory.
If it doesn’t exist, a saml.config file is created. Otherwise, metadata is merged into the existing saml.config.
A saml.config partner provider entry is created for each entity descriptor in the metadata.
The updated saml.config includes “TODO” instructions where additional information is required or needs review.
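Because metadata arrives out-of-band and each entity descriptor becomes a partner provider entry, a file can be reviewed before it is imported. The following Python script is an added example, not part of the product or the original page; the function names, report fields and sample metadata are constructed for illustration. It lists each entity's roles, the SHA-256 fingerprint of every embedded certificate and any endpoint that is not HTTPS.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()  # compare with the value the partner confirms

def review_metadata(xml_text):
    """Summarise each EntityDescriptor (one partner provider entry per descriptor)."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata needs no DTD, so refuse one
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    report = []
    # iter() also matches the root: handles EntityDescriptor and EntitiesDescriptor files
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % MD):
        item = {"entityID": ent.get("entityID"), "roles": [],
                "cert_sha256": [], "non_https": []}
        for role in ("IDPSSODescriptor", "SPSSODescriptor"):
            for desc in ent.findall("{%s}%s" % (MD, role)):
                item["roles"].append(role)
                for cert in desc.iter("{%s}X509Certificate" % DS):
                    der = base64.b64decode("".join((cert.text or "").split()))
                    item["cert_sha256"].append(fingerprint(der))
                for child in desc:  # endpoint elements carry a Location attribute
                    loc = child.get("Location")
                    if loc and not loc.lower().startswith("https://"):
                        item["non_https"].append(loc)
        report.append(item)
    return report

# Constructed sample: placeholder bytes stand in for a DER-encoded certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE = """<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s">
 <md:EntityDescriptor entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:SingleSignOnService Location="https://idp.example.test/sso"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:AssertionConsumerService index="0" Location="http://sp.example.test/acs"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor></md:EntityDescriptor>
</md:EntitiesDescriptor>""" % (MD, DS, base64.b64encode(SAMPLE_DER).decode())

if __name__ == "__main__":
    print(review_metadata(SAMPLE))
```

The fingerprints are only meaningful when compared against values confirmed with the partner over a separate channel.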
Exporting SAML Metadata
The included ExportMetadata application exports the high-level API SAML configuration (saml.config) to SAML metadata.
ExportMetadata.exe <partner-name> <metadata-filename>
where the partner name specifies the partner provider in the SAML configuration, and the metadata filename specifies the file that is created to contain the SAML entity descriptor metadata.
For example, the following exports saml.config to a metadata file:
ExportMetadata.exe http://localhost/ExampleIdentityProvider sp-metadata.xml
The saml.config file is assumed to be in the current directory. The X.509 certificate specified in saml.config is assumed to be accessible.
A single metadata entity descriptor is created for the local provider configured in saml.config.
The generated metadata includes “TODO” instructions where additional information is required or needs review.