How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I change the metaAlias for an existing IdP or SP in AM (All versions)?

Last updated Apr 13, 2021

The purpose of this article is to provide information on changing the metaAlias for an existing IdP or SP in AM. The metaAlias is used to locate the provider's entity identifier.



Changing the metaAlias

Note

The metaAlias value for an entity provider must be unique within a deployment.

You can change the metaAlias as follows:

  1. Export the IdP's or SP's standard and extended metadata files using one of the options in How do I export and import SAML2 metadata in AM (All versions)?
  2. Update the metaAlias value in the extended metadata XML file to the required value. For example, change the default /sp metaAlias value to /test: <SPSSOConfig metaAlias="/test">
  3. Update the metaAlias in all URLs in both the standard and extended metadata XML files with the new value. For example, for the SingleLogoutService (HTTP-Redirect binding) in the standard metadata XML file, the URLs would now look like this: <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sp.example.net:28080/openam/SPSloRedirect/metaAlias/test" ResponseLocation="http://sp.example.net:28080/openam/SPSloRedirect/metaAlias/test"/>
  4. Remove the hosted IdP or SP configuration before importing the modified metadata files. For example, if you have modified metadata for the SP, you would remove the SP configuration from the SP. You can do this using either the console or ssoadm:
    • AM 6 and later console: navigate to Realms > [Realm Name] > Applications > Federation > Entity Providers and delete the hosted entity provider.
    • AM 5.x console: navigate to: Realms > [Realm Name] > Applications > SAML > Circle of Trust Configuration > Entity Providers and delete the hosted entity provider.
    • ssoadm: enter the following command:
      $ ./ssoadm delete-entity -u [adminID] -f [passwordfile] -e [realmname] -y [entityID] -c saml2
      replacing [adminID], [passwordfile], [realmname] and [entityID] with appropriate values.
  5. Import the modified IdP's or SP's standard and extended metadata files into AM using one of the options in How do I export and import SAML2 metadata in AM (All versions)?
  6. Remove the remote IdP or SP configuration. For example, if you have modified metadata for the SP, you would remove the SP configuration from the IdP. You can do this using either the console or ssoadm (assuming your IdP also uses AM):
    • AM 6 and later console: navigate to Realms > [Realm Name] > Applications > Federation > Entity Providers and delete the remote entity provider.
    • AM 5.x console: navigate to: Realms > [Realm Name] > Applications > SAML > Circle of Trust Configuration > Entity Providers and delete the remote entity provider.
    • ssoadm: enter the following command:
      $ ./ssoadm delete-entity -u [adminID] -f [passwordfile] -e [realmname] -y [entityID] -c saml2
      replacing [adminID], [passwordfile], [realmname] and [entityID] with appropriate values.
  7. Re-create the remote entity provider that you just deleted. You can do this via the console:
    • AM 7 and later console: navigate to Realms > [Realm Name] > Applications > Federation > Entity Providers, click Add Entity Provider and select Remote.
    • Pre-AM 7 console: navigate to: Realms > [Realm Name] > Common Tasks > Configure SAMLv2 Provider and use the applicable Register Remote ... Provider work flow option.
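
Steps 2 and 3 can be scripted so that no URL is missed before the import in step 5. The following Python sketch is an added example, not ForgeRock code or tooling: the function names are hypothetical and the two metadata snippets are constructed samples trimmed to the relevant elements. It rewrites the metaAlias attribute and every URL ending in /metaAlias followed by the old value, then lists any alias other than the new one that is still present.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample metadata, trimmed to the parts that steps 2 and 3 touch.
STANDARD = '''<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://sp.example.net:28080/openam">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sp.example.net:28080/openam/SPSloRedirect/metaAlias/sp" ResponseLocation="http://sp.example.net:28080/openam/SPSloRedirect/metaAlias/sp"/>
    <AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sp.example.net:28080/openam/Consumer/metaAlias/sp"/>
  </SPSSODescriptor>
</EntityDescriptor>'''
EXTENDED = '''<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig" entityID="http://sp.example.net:28080/openam" hosted="true">
  <SPSSOConfig metaAlias="/sp"/>
</EntityConfig>'''


def change_meta_alias(xml_text, old, new):
    """Rewrite the metaAlias attribute and every .../metaAlias<old> URL suffix."""
    for alias in (old, new):
        # Sanity check chosen for this example: leading slash, no XML/URL delimiters.
        if not re.fullmatch(r"/[^\s\"'<>&?#]+", alias):
            raise ValueError(f"unexpected metaAlias value: {alias!r}")
    # The lookahead keeps '/sp' from matching inside '/sp2' or '/sp/sub'.
    url = re.compile(r"(/metaAlias)" + re.escape(old) + r"(?=[\"'?#&<])")
    attr = re.compile(r"(metaAlias=[\"'])" + re.escape(old) + r"(?=[\"'])")
    out = url.sub(lambda m: m.group(1) + new, xml_text)
    out = attr.sub(lambda m: m.group(1) + new, out)
    ET.fromstring(out)  # raises ParseError if the edit broke well-formedness
    return out


def leftover_aliases(xml_text, new):
    """Return every metaAlias value still in the file that is not the new one."""
    values = set(re.findall(r"/metaAlias(/[^\"'?#&<\s]+)", xml_text))
    values |= set(re.findall(r"metaAlias=[\"']([^\"']+)", xml_text))
    return sorted(values - {new})


if __name__ == "__main__":
    for name, text in (("standard", STANDARD), ("extended", EXTENDED)):
        updated = change_meta_alias(text, "/sp", "/test")
        print(name, "leftover aliases:", leftover_aliases(updated, "/test"))
```

An empty leftover list for both files means the old value no longer appears in either the attribute or any endpoint URL; the uniqueness requirement from the note above still has to be checked against the other entity providers in the deployment.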

See Also

How do I change the hostname for a remote IdP or SP entity in AM (All versions)?

How do I renew expired certificates for a hosted IdP or SP in AM 5.x or 6.x?

How do I renew expired certificates for a remote IdP or SP in AM (All versions)?

How do I rollover certificates for an IdP or SP in AM 5.x or 6.x?

FAQ: SAML federation in AM

SAML Federation in AM

SAML v2.0 Guide › Configuring IDPs, SPs, and CoTs



Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.