Exporting your metadata allows you to share metadata with other entity providers and can also be useful for troubleshooting your configuration. Importing metadata allows you to create remote entity providers.
You cannot import non-standard SAML2 metadata (such as ADFS) without making manual changes first. See ADFS SSO integration with Identity Cloud as SAML service provider for further information.
You can access metadata by navigating to the metadata URL in your browser or by exporting it to a file using a curl command such as:
$ curl --output metadata.xml "[URL]"
The URL for metadata is in the following format:
https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=[entityID]&realm=/realmname
- <YourTenantName> is your tenant name.
- [entityID] is the name of your IdP or SP entity provider, for example, idCloudSP.
- realmname is the name of the realm in which the entity provider is configured, for example, /alpha.
For example, with the above details:
- The URL to access your metadata is:
  https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha
- The curl command to export your metadata to file is:
  $ curl --output metadata.xml "https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha"
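To check an exported file before sharing it or importing it elsewhere, the following added Python example (not ForgeRock's code) builds the export URL in the format above and verifies that a file is a SAML2 EntityDescriptor for the expected entity, listing its roles, endpoints and key uses. The tenant name mytenant, the function names and the sample XML are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def export_url(tenant, entity_id, realm):
    """Build the export URL in the format shown above, percent-encoding the values."""
    query = urllib.parse.urlencode({"entityid": entity_id, "realm": realm}, safe="/")
    return f"https://openam-{tenant}.forgerock.io/am/saml2/jsp/exportmetadata.jsp?{query}"

def summarize(xml_bytes, expected_entity_id):
    """Check that the file is SAML2 metadata for the expected entity and list its roles."""
    if b"<!DOCTYPE" in xml_bytes:          # metadata has no need for a DTD; refuse it
        raise ValueError("DOCTYPE found in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError(f"root element is {root.tag}, not a SAML2 EntityDescriptor")
    if root.get("entityID") != expected_entity_id:
        raise ValueError(f"entityID is {root.get('entityID')!r}, expected {expected_entity_id!r}")
    roles, other = {}, []
    for child in root:
        name = child.tag.replace(MD, "")
        if name not in ("IDPSSODescriptor", "SPSSODescriptor"):
            other.append(child.tag)        # anything else is listed for manual review
            continue
        roles[name] = {
            "endpoints": [(e.tag.replace(MD, ""), e.get("Binding"), e.get("Location"))
                          for e in child if e.get("Location")],
            # a KeyDescriptor without "use" applies to both signing and encryption
            "key_uses": [k.get("use", "signing+encryption")
                         for k in child.findall(MD + "KeyDescriptor")
                         if k.find(f".//{DS}X509Certificate") is not None],
        }
    return {"entityID": root.get("entityID"), "roles": roles, "other": other}

# Constructed sample (not real tenant output): a minimal SP entity named idCloudSP.
SAMPLE = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="idCloudSP">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <AssertionConsumerService index="0"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sp.example.com/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(export_url("mytenant", "idCloudSP", "/alpha"))
    print(summarize(SAMPLE, "idCloudSP"))
```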
You can import SAML metadata via the console to create a new remote entity provider: navigate to Native Consoles > Access Management > Applications > Federation > Entity Providers, click Add Entity Provider, select Remote, and upload the metadata.