Metadata is an XML document that carries the information needed to establish an agreement between an Identity Provider and a Service Provider on how they want to set up the federation (through NameID) and where to reach the various services. This file contains settings such as endpoint URLs, supported bindings, identifiers and public keys.
Exporting your metadata allows you to share metadata with other entity providers and can also be useful for troubleshooting your configuration. Importing metadata allows you to create remote entity providers.
You cannot import non-standard SAML2 metadata (such as ADFS) without making manual changes first.
You can access metadata by navigating to the metadata URL in your browser, or by exporting it to a file with a curl command such as:
$ curl --output metadata.xml "[URL]"
The URL for metadata has the following format:
https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=[entityID]&realm=/realmname
- <YourTenantName> is your tenant name.
- [entityID] is the name of your IdP or SP entity provider, for example, idCloudSP.
- realmname is the name of the realm in which the entity provider is configured, for example, /alpha.
For example, with the above details:
- The URL to access your metadata is: https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha
- The curl command to export your metadata to a file is:
  $ curl --output metadata.xml "https://openam-<YourTenantName>.forgerock.io/am/saml2/jsp/exportmetadata.jsp?entityid=idCloudSP&realm=/alpha"
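The following added example (not ForgeRock's own code) builds the export URL in the format shown above and then summarizes the settings the metadata carries, which is what you would look at when troubleshooting a configuration: entityID, endpoints and their bindings, NameID formats, signing flags and how many certificates are published. The tenant name, the sample metadata document and the SP endpoint URL are constructed for illustration; the summary does not verify any XML signature on the document itself.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def metadata_url(tenant, entity_id, realm):
    """Export URL in the page's format; urlencode keeps entity IDs that are
    themselves URLs (or contain '&') intact, '/' in the realm is left as-is."""
    query = urlencode({"entityid": entity_id, "realm": realm}, safe="/")
    return f"https://openam-{tenant}.forgerock.io/am/saml2/jsp/exportmetadata.jsp?{query}"

def summarize(xml_text):
    """Identifiers, endpoints/bindings, NameID formats, signing flags and certificate
    counts from an EntityDescriptor. Does NOT verify a signature on the document."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML2 EntityDescriptor: " + root.tag)
    info = {"entityID": root.get("entityID"), "validUntil": root.get("validUntil"), "roles": {}}
    for role in root:                          # IDPSSODescriptor / SPSSODescriptor / ...
        name = role.tag.split("}")[-1]
        if not name.endswith("SSODescriptor"):
            continue
        r = {"endpoints": [], "nameid_formats": [], "certs": {}, "flags": {}}
        for flag in ("AuthnRequestsSigned", "WantAssertionsSigned", "WantAuthnRequestsSigned"):
            if role.get(flag) is not None:
                r["flags"][flag] = role.get(flag) == "true"
        for el in role:
            tag = el.tag.split("}")[-1]
            if tag.endswith("Service"):        # SingleSignOnService, AssertionConsumerService, ...
                binding = el.get("Binding", "").rsplit(":", 1)[-1]     # e.g. HTTP-POST
                r["endpoints"].append((tag, binding, el.get("Location")))
            elif tag == "NameIDFormat":
                r["nameid_formats"].append((el.text or "").strip())
            elif tag == "KeyDescriptor":
                use = el.get("use", "signing+encryption")              # no 'use' means both
                n = len(el.findall(f".//{{{DS}}}X509Certificate"))
                r["certs"][use] = r["certs"].get(use, 0) + n
        info["roles"][name] = r
    return info

# Constructed sample of the kind of document the export returns (not real output).
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="idCloudSP" validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...CONSTRUCTED-PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true" Location="https://sp.example.com/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Run `summarize(open("metadata.xml").read())` on a real export to compare what the remote party published against what you configured locally.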
To import SAML metadata via the console and create a new remote entity provider, navigate to Native Consoles > Access Management > Applications > Federation > Entity Providers, click Add Entity Provider, select Remote, and upload the metadata file.