How To
ForgeRock Identity Cloud

How do I export and import SAML2 metadata in Identity Cloud?

Last updated Apr 20, 2022

The purpose of this article is to provide information on exporting and importing SAML2 metadata in ForgeRock Identity Cloud. The metadata contains information about the IdP or SP entity provider, and is required when configuring federation or sharing metadata with other entity providers.


Overview

Metadata is an XML document that carries the information an Identity Provider and a Service Provider need to agree on how the federation is set up (including the NameID format used to identify the subject) and where to reach each other's services. It contains settings such as endpoint URLs, supported bindings, identifiers and the public keys (certificates) used for signing and encryption.

Exporting your metadata allows you to share metadata with other entity providers and can also be useful for troubleshooting your configuration. Importing metadata allows you to create remote entity providers. 

Note

You cannot import non-standard SAML2 metadata (such as ADFS) without making manual changes first. See ADFS SSO integration with Identity Cloud as SAML service provider for further information.

Exporting metadata

You can access metadata by navigating to the metadata URL in your browser or by exporting it to a file using a curl command such as:

$ curl --output metadata.xml "[URL]"

The URL for metadata is in the following format:

https://<tenant-name>.forgeblocks.com/am/saml2/jsp/exportmetadata.jsp?entityid=[entityID]&realm=/[realmname]

Where:

  • <tenant-name> is your tenant name.
  • [entityID] is the name of your IdP or SP entity provider, for example, idCloudSP.
  • [realmname] is the name of the realm in which the entity provider is configured, for example, alpha (giving realm=/alpha).

For example, with the above details:

  • The URL to access your metadata is: https://<tenant-name>.forgeblocks.com/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha
  • The curl command to export your metadata to a file is:

    $ curl --output metadata.xml "https://<tenant-name>.forgeblocks.com/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha"
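The following shell script is an added example, not part of the ForgeRock article or product. It wraps the export procedure above in small functions: one builds the exportmetadata.jsp URL from the tenant name, entity ID and realm name (the realm given without its leading slash, as in realm=/alpha), one downloads the metadata with curl, and one sanity-checks the downloaded file offline before it is shared with another entity provider or used for troubleshooting. The check catches the two common failure modes of a misspelled URL: an error or login page saved as "metadata.xml", and metadata for a different entityID than intended. The tenant name, the sample metadata and its certificate value are constructed placeholders.

```shell
#!/bin/sh
# Added example (not ForgeRock's code). Builds the Identity Cloud metadata
# export URL, fetches it with curl and checks the result. Tenant name,
# sample metadata and certificate below are constructed placeholders.

# Build the exportmetadata.jsp URL in the format given in the article.
# $3 is the realm name without the leading slash (e.g. "alpha").
metadata_url() {
    tenant="$1"; entity_id="$2"; realm="$3"
    printf 'https://%s.forgeblocks.com/am/saml2/jsp/exportmetadata.jsp?entityid=%s&realm=/%s\n' \
        "$tenant" "$entity_id" "$realm"
}

# Download the metadata to a file. --fail makes curl exit non-zero on an
# HTTP error instead of silently saving the error page as the output file.
export_metadata() {
    url="$1"; out="$2"
    curl --fail --silent --show-error --output "$out" "$url"
}

# Offline sanity check of an exported metadata file (grep/sed only):
#   1. it is a SAML2 EntityDescriptor (not an HTML error or login page)
#   2. its entityID is the one that was requested
#   3. it carries at least one X509Certificate, so partners can verify
#      signatures / encrypt to this provider
check_metadata() {
    file="$1"; expected_id="$2"
    grep -q -E '<(md:)?EntityDescriptor' "$file" \
        || { echo "not an EntityDescriptor: $file" >&2; return 1; }
    actual_id=$(sed -n 's/.*entityID="\([^"]*\)".*/\1/p' "$file" | head -n 1)
    [ "$actual_id" = "$expected_id" ] \
        || { echo "entityID mismatch: got '$actual_id', expected '$expected_id'" >&2; return 1; }
    certs=$(grep -c -E '<(ds:)?X509Certificate>' "$file" || true)
    [ "$certs" -gt 0 ] \
        || { echo "no X509Certificate in $file" >&2; return 1; }
    echo "OK: $file is metadata for entityID '$actual_id' with $certs certificate(s)"
}

# Constructed sample metadata (not a real export) so the check can be run offline.
write_sample_metadata() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="idCloudSP">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC-CONSTRUCTED-PLACEHOLDER</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.forgeblocks.com/acs-placeholder" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>
EOF
}

# Demonstration against the constructed sample (no network access needed).
sample=$(mktemp)
write_sample_metadata "$sample"
check_metadata "$sample" idCloudSP
rm -f "$sample"

# Real usage against a tenant (placeholder tenant name "example-tenant"):
#   export_metadata "$(metadata_url example-tenant idCloudSP alpha)" metadata.xml \
#       && check_metadata metadata.xml idCloudSP
```

The entityID comparison matters because the export endpoint takes the ID verbatim: a typo in the query string does not produce metadata for "almost" the right provider, it produces something else entirely, and the mistake only shows up later when the partner's federation fails. Checking for a certificate before sharing the file ensures the partner can actually validate signed messages from this provider.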

Importing metadata

You can import SAML metadata via the Identity Cloud admin UI to create a new remote entity provider. Go to Native Consoles > Access Management > Applications > Federation > Entity Providers, click Add Entity Provider, select Remote and upload the metadata.

See Also

SAML2 Federation in Identity Cloud

SAML v2.0


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.