IBM Security Verify

  • 1.  SAML Definition (metadata endpoint)

    Posted Thu May 26, 2022 12:04 AM
    Dear All,

    I would like to ask whether there is an option to make SAML federation metadata published by default?

    I mean, it would be nice if we could provide a URL to customers from where they can download SAML metadata files.  Like we can do for OIDC endpoints (well-known page).

    Till now I didn't find any solution (except manually creating a webpage and copying the file there). But this is not an automatic process.


    ------------------------------
    Janos Laszlo Horvath
    ------------------------------


  • 2.  RE: SAML Definition (metadata endpoint)
    Best Answer

    Posted Thu May 26, 2022 03:51 AM
    Hi Janos,

    I don't think that we have an "on-line" metadata endpoint for SAML metadata.  AFAIK, this was not part of the original SAML specifications.
    As you say, you could host the metadata yourself, even write a script to automate posting it, but I don't think it's built in.
    Mentioning @Yongming Chen just in case.

    Jon.

    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 3.  RE: SAML Definition (metadata endpoint)

    Posted Thu May 26, 2022 04:13 AM
    Hi Jon and Janos,

    The SAML metadata export ep was changed to be publicly accessible a few months ago:

    for the saml20 IdP federation metadata export, the ep is available in custom application UI connector instruction, e.g. https://{tenanthostname}/v1.0/saml/federations/saml20ip/metadata?keyLabel={selected signing key for the app}  (this is for the case the app uses a non default personal cert for signing; if the app uses default cert for signing, omit the keyLabel parameter https://{tenanthostname}/v1.0/saml/federations/saml20ip/metadata)

    for the saml20 SP federation metadata export the ep is https://{tenanthostname}/v1.0/saml/federations/saml20sp/metadata

    Best Regards

    Yongming

    ------------------------------
    Yongming Chen
    ------------------------------
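
The export endpoints described in the post above are publicly accessible, so a party importing metadata from them will want to check what it downloaded against values it obtained out of band. The following is an added example, not part of the original post and not IBM code: it builds the two URLs as written in the post and checks a metadata document's entityID and signing-certificate fingerprint against a pin. The host name, entityID, key label and certificate bytes are constructed placeholders.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def metadata_url(tenant_host, role="saml20ip", key_label=None):
    """URL form from the post; keyLabel only when the app signs with a non-default cert."""
    if role not in ("saml20ip", "saml20sp"):
        raise ValueError("role must be saml20ip or saml20sp")
    url = f"https://{tenant_host}/v1.0/saml/federations/{role}/metadata"
    return url + ("?keyLabel=" + quote(key_label, safe="") if key_label else "")

def signing_fingerprints(xml_bytes):
    """Return (entityID, set of SHA-256 hex fingerprints of the signing certificates)."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declarations are not accepted in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    fps = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute means both uses
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fps.add(hashlib.sha256(der).hexdigest())
    return root.get("entityID"), fps

def metadata_matches_pin(xml_bytes, expected_entity_id, pinned_fps):
    """True only if the entityID matches and every signing cert is one we pinned."""
    entity_id, fps = signing_fingerprints(xml_bytes)
    return entity_id == expected_entity_id and bool(fps) and fps <= set(pinned_fps)

# Constructed sample input: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_ENTITY = "https://idp.example/entity"
SAMPLE_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
    f'entityID="{SAMPLE_ENTITY}"><md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    f'{base64.b64encode(SAMPLE_DER).decode()}'
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>').encode()
# In practice the pin is recorded out of band; here it is derived from the sample bytes.
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    print(metadata_url("tenant.example", key_label="appcert"))
    print(metadata_matches_pin(SAMPLE_METADATA, SAMPLE_ENTITY, {SAMPLE_PIN}))
```
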



  • 4.  RE: SAML Definition (metadata endpoint)

    Posted Thu May 26, 2022 04:16 AM
    Hi Yongming,

    Thanks for the quick reply.  I guess your answer is related to Verify SaaS.  My fault.  This is a Verify Access question.  I should have directed it to @Sumana Narasipur.
    Sorry.

    Jon.



    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------