The IDP metadata file contains all standardized information about the remote IDP. It contains public keys, SAML endpoints (URLs), supported SAML bindings, and encryption/signing preferences.
The file should be provided by the identity provider.
The transfer of the IDP metadata file to the SP must be authentic, i.e., before using it, you must make sure it really belongs to the remote IDP. Failing to do so may result in severe security flaws.
If the remote IDP does not provide you with a ready-to-use metadata file but only the relevant data (URLs, public keys, etc.), you may use the following template file to create a valid metadata file.
- Configuration instructions
- Copy the remote IDP metadata template file to the SAML directory.
- Remember the entityID of the remote IDP. It is required for the next two steps. In this example, we use https://remote-idp.com/auth/saml/ as entity ID.