IBM Security Verify

Dear All,

I would like to ask whether is an option to make SAML federation metadata published by default? 

I mean, it would be nice if we can provide an URL to customer from where they can download SAML metdata files.  Like we can do similar for OIDC endpoints (well-known page). 

Till now I didn't find any solution (except manually create a webpage and copy file there). But his is not an automatic process. 


------------------------------
Janos Laszlo Horvath
------------------------------

Hi Janos,

I don't think that we have an "on-line" metadata endpoint for SAML metadata.  AFAIK, this was not part of original SAML specifications.
As you say, you could host the metadata yourself, even write a script to automate posting it.. but I don't think it's built in.
Mentioning @Yongming Chen just in case.

Jon.​

------------------------------
Jon Harry
Senior Technical Sales Enablement Specialist
Identity and Access Management
IBM Technology, Worldwide
------------------------------

Original Message:
Sent: Thu May 26, 2022 12:03 AM
From: Janos Laszlo Horvath
Subject: SAML Definition (metadate endpoint)

Dear All,

I would like to ask whether is an option to make SAML federation metadata published by default? 

I mean, it would be nice if we can provide an URL to customer from where they can download SAML metdata files.  Like we can do similar for OIDC endpoints (well-known page). 

Till now I didn't find any solution (except manually create a webpage and copy file there). But his is not an automatic process. 


------------------------------
Janos Laszlo Horvath
------------------------------

Hi Jon and Janos,

The SAML metadata export ep was changed to be publicly accessible a few months ago:

for the saml20 IdP federation metadata export, the ep is available in custom application UI connector instruction, e.g. https://{tenanthostname}/v1.0/saml/federations/saml20ip/metadata?keyLabel={selected signing key for the app}  (this is for the case the app uses a non default personal cert for signing; if the app uses default cert for signing, omit the keyLabel parameter https://{tenanthostname}/v1.0/saml/federations/saml20ip/metadata)

for the saml20 SP federation metadata export the ep is https://{tenanthostname}/v1.0/saml/federations/saml20sp/metadata

Best Regards

Yongming

------------------------------
Yongming Chen
------------------------------

Original Message:
Sent: Thu May 26, 2022 03:51 AM
From: Jon Harry
Subject: SAML Definition (metadate endpoint)

Hi Janos,

I don't think that we have an "on-line" metadata endpoint for SAML metadata.  AFAIK, this was not part of original SAML specifications.
As you say, you could host the metadata yourself, even write a script to automate posting it.. but I don't think it's built in.
Mentioning @Yongming Chen just in case.

Jon.​

------------------------------
Jon Harry
Senior Technical Sales Enablement Specialist
Identity and Access Management
IBM Technology, Worldwide

Original Message:
Sent: Thu May 26, 2022 12:03 AM
From: Janos Laszlo Horvath
Subject: SAML Definition (metadate endpoint)

Dear All,

I would like to ask whether is an option to make SAML federation metadata published by default? 

I mean, it would be nice if we can provide an URL to customer from where they can download SAML metdata files.  Like we can do similar for OIDC endpoints (well-known page). 

Till now I didn't find any solution (except manually create a webpage and copy file there). But his is not an automatic process. 


------------------------------
Janos Laszlo Horvath
------------------------------

Hi Yongming,

Thank for quick reply.  I guess you answer is related to Verify SaaS.  My fault.  This is a Verify Access question.  I should have directed to @Sumana Narasipur.
Sorry.

Jon.

​

------------------------------
Jon Harry
Senior Technical Sales Enablement Specialist
Identity and Access Management
IBM Technology, Worldwide
------------------------------

Original Message:
Sent: Thu May 26, 2022 04:13 AM
From: Yongming Chen
Subject: SAML Definition (metadate endpoint)

Hi Jon and Janos,

The SAML metadata export ep was changed to be publicly accessible a few months ago:

for the saml20 IdP federation metadata export, the ep is available in custom application UI connector instruction, e.g. https://{tenanthostname}/v1.0/saml/federations/saml20ip/metadata?keyLabel={selected signing key for the app}  (this is for the case the app uses a non default personal cert for signing; if the app uses default cert for signing, omit the keyLabel parameter https://{tenanthostname}/v1.0/saml/federations/saml20ip/metadata)

for the saml20 SP federation metadata export the ep is https://{tenanthostname}/v1.0/saml/federations/saml20sp/metadata

Best Regards

Yongming

------------------------------
Yongming Chen

Original Message:
Sent: Thu May 26, 2022 03:51 AM
From: Jon Harry
Subject: SAML Definition (metadate endpoint)

Hi Janos,

I don't think that we have an "on-line" metadata endpoint for SAML metadata.  AFAIK, this was not part of original SAML specifications.
As you say, you could host the metadata yourself, even write a script to automate posting it.. but I don't think it's built in.
Mentioning @Yongming Chen just in case.

Jon.​

------------------------------
Jon Harry
Senior Technical Sales Enablement Specialist
Identity and Access Management
IBM Technology, Worldwide

Original Message:
Sent: Thu May 26, 2022 12:03 AM
From: Janos Laszlo Horvath
Subject: SAML Definition (metadate endpoint)

Dear All,

I would like to ask whether is an option to make SAML federation metadata published by default? 

I mean, it would be nice if we can provide an URL to customer from where they can download SAML metdata files.  Like we can do similar for OIDC endpoints (well-known page). 

Till now I didn't find any solution (except manually create a webpage and copy file there). But his is not an automatic process. 


------------------------------
Janos Laszlo Horvath
------------------------------