
How do I export and import SAML2 metadata in Identity Cloud?

Last updated Jun 28, 2021

The purpose of this article is to provide information on exporting and importing SAML2 metadata in Identity Cloud. The metadata contains information about the IdP or SP entity provider, and is required when configuring federation or sharing metadata with other entity providers.


Overview

Metadata is an XML document that carries the information an Identity Provider and a Service Provider need in order to agree on how they federate (including the NameID used to identify the subject) and where to reach each other's services. This file contains settings such as endpoint URLs, supported bindings, identifiers and public keys.

Exporting your metadata allows you to share it with other entity providers and can also be useful for troubleshooting your configuration. Importing metadata allows you to create remote entity providers.

Note

You cannot import non-standard SAML2 metadata (such as ADFS) without making manual changes first. See ADFS SSO integration with Identity Cloud as SAML service provider for further information.

Exporting metadata

You can access metadata by navigating to the metadata URL in your browser or by exporting it to a file using a curl command such as:

$ curl --output metadata.xml "[URL]"

The URL for metadata is in the following format:

https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=[entityID]&realm=/realmname

Where:

  • <YourTenantName> is your tenant name.
  • [entityID] is the name of your IdP or SP entity provider, for example, idCloudSP.
  • realmname is the name of the realm in which the entity provider is configured, for example, /alpha.

For example, with the above details:

  • The URL to access your metadata is: https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha
  • The curl command to export your metadata to a file is:

    $ curl --output metadata.xml "https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha"
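As an added example (not ForgeRock's own tooling), the following Python script assembles the export URL in the format shown above and inspects an exported metadata file for the settings the overview lists (identifier, endpoints, bindings and published signing keys), which is a useful check before you share the file or import it as a remote entity provider. It handles both IdP and SP role descriptors; the sample SP metadata, its placeholder certificate and the sp.example.com endpoint are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def build_export_url(tenant: str, entity_id: str, realm: str) -> str:
    """Assemble the exportmetadata.jsp URL in the format given in the article."""
    return (f"https://openam-{tenant}.forgerock.io/am/saml2/jsp/"
            f"exportmetadata.jsp?entityid={entity_id}&realm={realm}")

def summarize_metadata(xml_text: str) -> dict:
    """Extract entityID, SSO role(s), endpoints with bindings and the number of
    published signing certificates. Raises if the root is not an EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("expected an md:EntityDescriptor root element")
    summary = {"entityID": root.get("entityID"), "roles": [],
               "endpoints": [], "signing_keys": 0}
    for role in root:
        name = role.tag.rpartition("}")[2]
        if not name.endswith("SSODescriptor"):       # IDPSSODescriptor / SPSSODescriptor
            continue
        summary["roles"].append(name)
        for child in role:
            location = child.get("Location")         # endpoint elements carry Location
            if location:
                binding = child.get("Binding", "").rpartition(":")[2]   # e.g. HTTP-POST
                summary["endpoints"].append(
                    (child.tag.rpartition("}")[2], binding, location))
        for kd in role.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without "use" may serve both signing and encryption.
            if kd.get("use", "signing") == "signing" and \
               kd.find(".//ds:X509Certificate", NS) is not None:
                summary["signing_keys"] += 1
    return summary

# Constructed sample SP metadata (placeholder certificate and endpoint, not a real tenant).
SAMPLE_SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="idCloudSP">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""
```

Run `summarize_metadata(open("metadata.xml").read())` on the file produced by the curl command to confirm the entityID, ACS/SSO endpoints and signing key match what you expect before handing the file to a partner.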

Importing metadata

You can import SAML metadata via the console to create a new remote entity provider: navigate to Native Consoles > Access Management > Applications > Federation > Entity Providers, click Add Entity Provider, select Remote and upload the metadata file.

See Also

SAML v2.0 Guide



Copyright © 2021 ForgeRock, all rights reserved.