How to Generate SAML Metadata for SAML2 SSO IDP

The SAML metadata profile describes how an IdP publishes information about its endpoints, keys, supported profiles and processing requirements to service providers as a metadata document. Some SAML2 SSO IdPs cannot export these details as SAML metadata, so you may need to write the metadata file by hand. The sample configuration below can be used for that purpose. It was created manually for WSO2 Identity Server with its default configuration; the values in your own SAML2 IdP may differ, so adjust them accordingly.

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://localhost:9443/samlsso" validUntil="2023-09-23T06:57:15.396Z">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://localhost:9443/samlsso"
                         ResponseLocation="https://localhost:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://localhost:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://localhost:9443/samlsso"/>
  </IDPSSODescriptor>
</EntityDescriptor>

You need to set the following values according to your own configuration:

entityID -> You can find this value in the identity.xml file under the EntityId configuration, or in the management console under SAML2 SSO Web Configuration in the Resident Identity Provider configuration. The default value is “localhost”.

Location/ResponseLocation -> The URL of the Identity Server: https://{host name}:{port}/samlsso

X509Certificate -> One important step is generating the X509Certificate data. You need to locate the certificate that is used to sign the SAML Assertion. By default it is in the keystore configured in the carbon.xml file (this applies to the super tenant; for other tenants you can find the keystore in the management console). Then you need to place the X509Certificate data inside the metadata file. You can find more details about generating X509Certificate data from here. The certificate data in the sample above is that of the default wso2carbon.jks file.
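The following Python script is an added example, not WSO2 code and not part of the original post. It builds the IdP metadata shown above from the three values the post says you must supply (entityID, the endpoint URL and the signing certificate), checks that the certificate blob pasted into ds:X509Certificate is one complete DER structure (a common hand-editing error is dropping a line of the base64), and then reads the document back the way a service provider would. The certificate constant is the default wso2carbon.jks certificate printed in the sample above; the function and variable names, and the use of a past validUntil date in the test values, are the author's assumptions for illustration.

```python
"""Build and sanity-check SAML 2.0 IdP metadata (added example, not WSO2 code)."""
import base64
import re
import xml.etree.ElementTree as ET

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAML_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", SAML_MD_NS)
ET.register_namespace("ds", DS_NS)

# Signing certificate of the default wso2carbon.jks, exactly as printed in the post.
WSO2CARBON_CERT = """
MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=
"""


def _der_total_length(der: bytes) -> int:
    """Size a DER SEQUENCE claims for itself, header included (short or long form)."""
    first = der[1]
    if first < 0x80:
        return 2 + first
    n = first & 0x7F
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def pem_to_x509_b64(text: str) -> str:
    """Return the bare base64 DER body that belongs inside <ds:X509Certificate>.

    Accepts PEM (with BEGIN/END lines) or bare base64 split over lines, and
    rejects anything that is not one complete DER SEQUENCE (tag 0x30 whose
    declared length matches the decoded size), which catches a line dropped
    while copying the certificate by hand."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    b64 = "".join(body.split())
    der = base64.b64decode(b64, validate=True)  # raises ValueError on bad characters
    if len(der) < 2 or der[0] != 0x30 or _der_total_length(der) != len(der):
        raise ValueError("not a complete DER-encoded X.509 certificate")
    return b64


def is_valid_x509_b64(text: str) -> bool:
    try:
        pem_to_x509_b64(text)
        return True
    except ValueError:
        return False


def build_idp_metadata(entity_id, sso_url, cert_b64, valid_until, slo_url=None):
    """Serialise an EntityDescriptor with the same element layout as the post's sample."""
    md = lambda name: f"{{{SAML_MD_NS}}}{name}"
    ds = lambda name: f"{{{DS_NS}}}{name}"
    root = ET.Element(md("EntityDescriptor"), {"entityID": entity_id, "validUntil": valid_until})
    idp = ET.SubElement(root, md("IDPSSODescriptor"), {"protocolSupportEnumeration": SAML_PROTOCOL})
    key = ET.SubElement(idp, md("KeyDescriptor"), {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(key, ds("KeyInfo")), ds("X509Data"))
    ET.SubElement(x509, ds("X509Certificate")).text = cert_b64
    if slo_url:  # schema order: KeyDescriptor, SingleLogoutService, then SingleSignOnService
        ET.SubElement(idp, md("SingleLogoutService"),
                      {"Binding": BINDING_REDIRECT, "Location": slo_url, "ResponseLocation": slo_url})
    for binding in (BINDING_POST, BINDING_REDIRECT):
        ET.SubElement(idp, md("SingleSignOnService"), {"Binding": binding, "Location": sso_url})
    return ET.tostring(root, encoding="unicode")


def summarize_idp_metadata(xml_text: str) -> dict:
    """Read the metadata back as a service provider would and report what it would trust."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML md:EntityDescriptor")
    ns = {"md": SAML_MD_NS, "ds": DS_NS}
    sso = {e.get("Binding"): e.get("Location")
           for e in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", ns)}
    slo_el = root.find("md:IDPSSODescriptor/md:SingleLogoutService", ns)
    cert_el = root.find("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/"
                        "ds:KeyInfo/ds:X509Data/ds:X509Certificate", ns)
    cert_b64 = pem_to_x509_b64(cert_el.text) if cert_el is not None and cert_el.text else None
    locations = list(sso.values()) + ([slo_el.get("Location")] if slo_el is not None else [])
    return {
        "entity_id": root.get("entityID"),
        "valid_until": root.get("validUntil"),
        "sso": sso,
        "slo": slo_el.get("Location") if slo_el is not None else None,
        "cert_b64": cert_b64,
        "cert_der_len": len(base64.b64decode(cert_b64)) if cert_b64 else 0,
        "all_https": all(loc.startswith("https://") for loc in locations),  # no plaintext endpoints
    }


if __name__ == "__main__":
    url = "https://localhost:9443/samlsso"
    doc = build_idp_metadata(url, url, pem_to_x509_b64(WSO2CARBON_CERT),
                             "2030-01-01T00:00:00Z", slo_url=url)  # constructed future date
    print(doc)
    print(summarize_idp_metadata(doc))
```

In practice the certificate text comes from the keystore the post points at; with the JDK tooling that is `keytool -exportcert -rfc -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon -file wso2carbon.pem` (assuming the default alias and store password of wso2carbon.jks), and the PEM file can be handed to `pem_to_x509_b64` unchanged. Note that `validUntil` is a hard expiry for consumers: a service provider that honours it will reject the whole document after that instant, so set it in the future and re-issue the metadata before it lapses.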
