Configuring Provider Metadata for SAML Integration

SAML metadata is used to share configuration information between the Identity Provider (IdP) and the Service Provider (SP). Metadata for the IdP and the SP is defined in XML files:

• The IdP metadata XML file contains the IdP certificate, the entity ID, the redirect URL, and the logout URL, for example, saml_idp_metadata.xml.

• The SP metadata XML file contains the SP certificate, the entity ID, the Assertion Consumer Service URL (ACS URL), and a log out URL (SingleLogoutService), for example, saml_sp_metadata.xml.

Before using SAML to log on to the Web Console or to the Edge Monitor application, metadata from the IdP must be uploaded and metadata from the SP must be generated. After the SP metadata is generated, it must be shared with the IdP. Contact the IdP for instructions on securely sharing the SP metadata.

Before You Begin

1. Create an Identity Provider (IdP) metadata XML file using the SAML protocol. For SAML metadata specifications, go to the OASIS website, Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0.

   Sample IdP metadata XML file: saml_idp_metadata.xml.

2. Create a keystore file. For information on keystore files, see Creating Certificates for SAML Integration.

Procedure

1. From the CommCell Console ribbon, on the Home tab, click Control Panel.

2. In the CommCell section, click Identity Management.

   The Identity Management dialog box is displayed.

3. On the Identity Management tab, click Add > SAML.

   The Add SAML Application Info dialog box is displayed.

4. On the General tab, enter an application name in the Application Name box.

5. Upload the IdP metadata:

   1. On the SAML tab in the Upload IDP metadata section, click Browse next to the File Path box.

   2. Browse to the location of the XML file that contains the IdP metadata, select the file, and click Import.

   3. Review the values in the Entity ID, Redirect URL, and Logout URL boxes. This information came from the imported IdP XML file.

6. Generate the SP metadata:

   1. In the Reuse\Generate SP Metadata section, click Browse next to the Keystore File Path box.

   2. Browse to the location of the keystore file, for example, C:\security\mykeystore.jks.

      For information on keystore files, see Creating Certificates for SAML Integration.

   3. Enter the keystore file values for Alias name, Key Store Password, and Key Password.

   4. In the Metadata Save Location box, enter a location and a file name for the SP metadata XML file, for example, C:\metadata\saml_sp_metadata.xml.

      After OK is clicked, the SP metadata XML file is created using the location and name entered in the Metadata Save Location box.

   5. In the Web Console list, click the Web Console to use with SAML authentication.

7. Click OK to generate the SP metadata and to save the IdP metadata.

   After the SP metadata is generated, it must be securely shared with the IdP. Contact the IdP for instructions on sharing the SP metadata.

What to Do Next

• Redirecting the Identity Provider Initiated Logons for SAML Integration

• Redirecting Service Provider Initiated Logons for SAML Integration

• Building the SAML Response Contents

• Creating URLs for SAML Interactions