Is there an easy way to generate the Metadata for a Local SP?
I tried to use MetadataExporter.Export() but this method looks like it generates metadata for a partner identity provider.
ComponentSpace.SAML2.Exceptions.SAMLConfigurationException: The partner identity provider Auth/Saml/24 is not configured.
at ComponentSpace.SAML2.Configuration.SAMLConfiguration.GetPartnerIdentityProvider(String name) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\SAMLConfiguration.cs:line 200
at ComponentSpace.SAML2.Configuration.MetadataExporter.Export(SAMLConfiguration samlConfiguration, String partnerName) in C:\Sandboxes\ComponentSpace\SAMLv20\Library\Configuration\MetadataExporter.cs:line 111
The MetadataExporter.Export method will generate SAML metadata for the local service provider. However, you can specify the partner identity provider as there is some information that might be partner specific.
An example of why the partner identity provider name is required is that we support configuring a local service provider certificate per partner identity provider. This is optional but enables better certificate management and roll-over.
You can pass null in as the partnerName parameter in which case no local service provider configuration that’s partner specific will be included.
[quote]ComponentSpace - Tuesday, April 12, 2016
The MetadataExporter.Export method will generate SAML metadata for the local service provider. However, you can specify the partner identity provider as there is some information that might be partner specific.
An example of why the partner identity provider name is required is that we support configuring a local service provider certificate per partner identity provider. This is optional but enables better certificate management and roll-over.
You can pass null in as the partnerName parameter in which case no local service provider configuration that's partner specific will be included.
[/quote] Ok thanks, that is helpful. Can you point me in the right direction for using different local SP certificates per partner IdP?
The local certificate may be specified as part of the local configuration.
For example:
<ServiceProvider Name="http://localhost/ExampleServiceProvider"
                 LocalCertificateFile="Certificates\sp.pfx"
This certificate will be then used for SSO with all partner identity providers.
You can also specify this on a per partner provider basis.
For example:
<PartnerIdentityProvider Name="http://localhost/ExampleIdentityProvider"
                         LocalCertificateFile="Certificates\old-sp.pfx"
The LocalCertificateFile for the <PartnerIdentityProvider> will be used if configured. Otherwise, the LocalCertificateFile for the <ServiceProvider> is used.
This is useful when rolling certificates over. You don’t have to roll your certificate over at the same time for all partner providers.
Instead, the roll over may be staged.
I am looking to generate a Service Provider Metadata file and not sure what method to use for this. The post talks about MetadataExporter.Export(). But can someone help with the complete syntax or any example code for this ?
Please take a look at the Examples\Metadata\ExportMetadata project.
You’ll also find the SAML high-level API ExampleIdentityProvider and ExampleServiceProvider projects demonstrate importing and exporting SAML metadata.
Take a look at the SAML/ExportMetadata.aspx page for metadata export.
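An added example of the call asked about above (my code, not the ExportMetadata sample shipped with the product). It uses the MetadataExporter.Export(SAMLConfiguration, string) signature visible in the stack trace in the first post; it assumes SAMLConfiguration.Current holds the loaded saml.config and that Export returns an EntityDescriptor with a ToXml() method.

```csharp
// Added example; not the ExportMetadata sample shipped with the product.
// MetadataExporter.Export(SAMLConfiguration, string) is the signature from the
// stack trace in the first post. Assumed: SAMLConfiguration.Current is the
// loaded saml.config and Export returns an EntityDescriptor with ToXml().
using System;
using System.Xml;
using ComponentSpace.SAML2.Configuration;
using ComponentSpace.SAML2.Exceptions;
using ComponentSpace.SAML2.Metadata;

public static class SpMetadataExport
{
    // partnerName == null: SP-wide metadata, no partner-specific settings.
    // partnerName set:     the partner's LocalCertificateFile override (if any)
    //                      is the certificate published, which is what you want
    //                      while a certificate roll-over is being staged.
    public static void WriteMetadata(string outputPath, string partnerName)
    {
        EntityDescriptor entityDescriptor;
        try
        {
            entityDescriptor = MetadataExporter.Export(SAMLConfiguration.Current, partnerName);
        }
        catch (SAMLConfigurationException ex)
        {
            // Raised when partnerName is not a <PartnerIdentityProvider> in
            // saml.config: the "... is not configured" error in the first post.
            Console.Error.WriteLine("Partner '{0}' is not configured: {1}", partnerName, ex.Message);
            throw;
        }

        XmlElement element = entityDescriptor.ToXml();
        var settings = new XmlWriterSettings { Indent = true };
        using (XmlWriter writer = XmlWriter.Create(outputPath, settings))
        {
            writer.WriteStartDocument();
            element.WriteTo(writer);
            writer.WriteEndDocument();
        }
    }

    public static void Main()
    {
        // Generic SP metadata, valid for any partner:
        WriteMetadata("sp-metadata.xml", null);
        // Metadata carrying the per-partner certificate, using the partner name
        // from the configuration example earlier in this thread:
        WriteMetadata("sp-metadata-for-example-idp.xml", "http://localhost/ExampleIdentityProvider");
    }
}
```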
[quote]ComponentSpace - Thursday, July 14, 2016
Please take a look at the Examples\Metadata\ExportMetadata project.
You'll also find the SAML high-level API ExampleIdentityProvider and ExampleServiceProvider projects demonstrate importing and exporting SAML metadata.
Take a look at the SAML/ExportMetadata.aspx page for metadata export.
[/quote] Yes, I did go to the C:\Program .... file and saw the sample example folders.
Thanks a lot for these quick responses, really appreciated :-) I will try this and get back to you for any issues.
[quote]ComponentSpace - Thursday, July 14, 2016
Please take a look at the Examples\Metadata\ExportMetadata project.
You'll also find the SAML high-level API ExampleIdentityProvider and ExampleServiceProvider projects demonstrate importing and exporting SAML metadata.
Take a look at the SAML/ExportMetadata.aspx page for metadata export.
[/quote] Yes, I did go to the C:\Program .... file and saw the sample example folders.
Thanks a lot for these quick responses, really appreciated :-) I will try this and get back to you for any issues.
[/quote] Can you please share more details on what the saml.config file is used for, since the ExportMetadata project uses this file while generating the metadata XML file?
The SAML high-level API is supported by a SAML configuration. This can be specified programmatically or more typically by a saml.config file.
The saml.config file contains information about your local (identity or service) provider such as its name, the local certificate, URLs etc.
ExportMetadata takes information from the saml.config file and creates a SAML metadata file.
The SAML metadata file includes the entity ID (ie provider name), local certificate, URLs etc.
However, the format of the two files is different.
SAML metadata is a good format for exchanging configuration information but is too restrictive for the SAML configuration used by the SAML API.
You’ll find examples of the saml.config file with the various SAML high-level API projects.
Hi team,
Thanks for the info.
But you mentioned this metadata being restrictive: “SAML metadata is a good format for exchanging configuration information but is too restrictive for the SAML configuration used by the SAML API”.
So would that be a problem? Is there any other method to generate the Metadata for the Service Provider?
There is no issue with SAML metadata as a format for exchanging SAML configuration information.
However, we don’t use this internally for our SAML high-level API configuration (ie saml.config).
For example, SAML metadata allows you to specify your X.509 certificate (ie the public key).
The saml.config needs the private key to be specified either by a PFX file or Windows certificate store reference.
SAML metadata and the saml.config have different purposes which is why they’re different.
You don’t have to generate the SAML metadata from the saml.config using ExportMetadata.
We also include an SP-Template.xml file under Examples\Metadata\Templates.
The template file includes to-do instructions for editing the file as required. This includes specifying the correct entity ID, URLs, certificate etc.
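Since the saml.config holds the private key (PFX) while the metadata should carry only the public X.509 certificate, the check below is an added example (my code, not ComponentSpace's) that a practitioner can run on an exported or hand-edited SP metadata file before supplying it to a partner. It assumes the PFX path and password from saml.config are known; the file names are constructed.

```csharp
// Added example, not from the thread or the product. Verifies that the
// certificate published in SP metadata is the public half of the PFX named
// by LocalCertificateFile in saml.config, and that nothing else is published.
using System;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

public static class MetadataCertCheck
{
    // Returns true only if every <ds:X509Certificate> under the SPSSODescriptor
    // has the same thumbprint as the certificate in the PFX.
    public static bool PublishedCertMatchesPfx(string metadataPath, string pfxPath, string pfxPassword)
    {
        // The private key stays inside the PFX; only its certificate is compared.
        var local = new X509Certificate2(pfxPath, pfxPassword);

        var doc = new XmlDocument();
        doc.Load(metadataPath);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata");
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

        XmlNodeList certNodes = doc.SelectNodes(
            "/md:EntityDescriptor/md:SPSSODescriptor/md:KeyDescriptor" +
            "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", ns);
        if (certNodes == null || certNodes.Count == 0)
            return false; // no certificate published at all

        foreach (XmlNode node in certNodes)
        {
            // Base64 in metadata is often wrapped; strip whitespace before decoding.
            string b64 = node.InnerText.Replace("\r", "").Replace("\n", "").Replace(" ", "");
            var published = new X509Certificate2(Convert.FromBase64String(b64));
            if (!string.Equals(published.Thumbprint, local.Thumbprint, StringComparison.OrdinalIgnoreCase))
                return false;
        }
        return true;
    }

    public static void Main()
    {
        // Constructed file names; "sp.pfx" mirrors the saml.config example above.
        bool ok = PublishedCertMatchesPfx("sp-metadata.xml", @"Certificates\sp.pfx", "pfx-password");
        Console.WriteLine(ok ? "metadata certificate matches saml.config" : "MISMATCH");
    }
}
```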
[quote]ComponentSpace - Friday, July 15, 2016
There is no issue with SAML metadata as a format for exchanging SAML configuration information.
However, we don't use this internally for our SAML high-level API configuration (ie saml.config).
For example, SAML metadata allows you to specify your X.509 certificate (ie the public key).
The saml.config needs the private key to be specified either by a PFX file or Windows certificate store reference.
SAML metadata and the saml.config have different purposes which is why they're different.
You don't have to generate the SAML metadata from the saml.config using ExportMetadata.
We also include an SP-Template.xml file under Examples\Metadata\Templates.
The template file includes to-do instructions for editing the file as required. This includes specifying the correct entity ID, URLs, certificate etc.
[/quote] Thank you team for the responses. We will refer to the example.xml file for the Metadata file.
You’re welcome. Contact us if you have any other questions.
You’re welcome to email us your metadata if you’d like it checked prior to supplying it to your partner.