How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I change the metaAlias for an existing IdP or SP in AM (All versions)?

Last updated Jan 16, 2023

The purpose of this article is to provide information on changing the metaAlias for an existing IdP or SP in AM. The metaAlias is used to locate the provider's entity identifier.

1 reader recommends this article

Changing the metaAlias

Note

The metaAlias value for an entity provider must be unique within a deployment.

You can change the metaAlias as follows:

  1. Export the IdP's or SP's standard and extended metadata files using one of the options in How do I export and import SAML2 metadata in AM (All versions)?
  2. Update the metaAlias value in the extended metadata XML file to the required value. For example, change the default /sp metaAlias value to /test: <SPSSOConfig metaAlias="/test">
  3. Update the metaAlias in all URLs in both the standard and extended metadata XML files with the new value. For example, for the SingleLogoutService (HTTP-Redirect binding) in the standard metadata XML file, the URLs would now look like this: <singlelogoutservice binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" location="https://sp.example.com:8443/am/SPSloRedirect/metaAlias/test" responselocation="https://sp.example.com:8443/am/SPSloRedirect/metaAlias/test"></singlelogoutservice>
  4. Remove the hosted IdP or SP configuration before importing the modified metadata files. For example, if you have modified metadata for the SP, you would remove the SP configuration from the SP. You can do this using either the AM admin UI or ssoadm:
    • AM admin UI: navigate to Realms > [Realm Name] > Applications > Federation > Entity Providers and delete the hosted entity provider.
    • ssoadm: enter the following command: $ ./ssoadm delete-entity -u [adminID] -f [passwordfile] -e [realmname] -y [entityID] -c saml2replacing [adminID], [passwordfile], [realmname] and [entityID] with appropriate values.
  5. Import the modified IdP's or SP's standard and extended metadata files into AM using one of the options in How do I export and import SAML2 metadata in AM (All versions)?
  6. Remove the remote IdP or SP configuration. For example, if you have modified metadata for the SP, you would remove the SP configuration from the IdP. You can do this using either the AM admin UI or ssoadm (assuming your IdP also uses AM):
    • AM admin UI: navigate to Realms > [Realm Name] > Applications > Federation > Entity Providers and delete the remote entity provider.
    • ssoadm: enter the following command: $ ./ssoadm delete-entity -u [adminID] -f [passwordfile] -e [realmname] -y [entityID] -c saml2replacing [adminID], [passwordfile], [realmname] and [entityID] with appropriate values.
  7. Re-create the remote entity provider that you just deleted. You can do this via the AM admin UI:
    • AM 7 and later admin UI: navigate to Realms > [Realm Name] > Applications > Federation > Entity Providers, click Add Entity Provider and select Remote.
    • AM 6.x admin UI: navigate to: Realms > [Realm Name] > Common Tasks > Configure SAMLv2 Provider and use the applicable Register Remote ... Provider work flow option.

See Also

How do I change the hostname for a remote IdP or SP entity in AM (All versions)?

FAQ: SAML2 federation in AM

SAML 2.0 federation in AM

Configure IDPs, SPs, and CoTs

Related Training

N/A

Related Issue Tracker IDs

N/A
Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.