This optional procedure displays, in a browser window, the standard and extended metadata for the hosted identity provider in XML format. The XML can be viewed as displayed or copied into a text file and saved.
This procedure assumes that you have just completed To Configure the Hosted Identity Provider and are still logged in to the OpenSSO Enterprise console.
Access https://lb2.idp-example.com:1081/opensso/ssoadm.jsp from the web browser.
ssoadm.jsp is a Java Server Page (JSP) version of the ssoadm command line interface. In this procedure it is used to display the hosted identity provider metadata.
Click export-entity.
The export-entity page is displayed.
Enter the following values for each option and click Submit.
The EntityID is the unique uniform resource identifier (URI) used to identify a particular provider. In this deployment, type https://lb2.idp-example.com:1081/opensso.
The OpenSSO Enterprise realm in which the data resides. In this deployment, because all data resides in the top-level realm, type /.
Leave this unchecked.
Set this flag to export the standard metadata for the provider.
Set this flag to export the extended metadata for the provider.
Type saml2.
View the XML-formatted metadata in the browser window.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://lb2.idp-example.com:1081/opensso"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
/FfwWigmrW0Y0Q==
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <ArtifactResolutionService index="0" isDefault="true"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://lb2.idp-example.com:1081/opensso/ArtifactResolver/metaAlias/idp"/>
        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://lb2.idp-example.com:1081/opensso/IDPSloRedirect/metaAlias/idp"
            ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPSloRedirect/metaAlias/idp"/>
        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://lb2.idp-example.com:1081/opensso/IDPSloPOST/metaAlias/idp"
            ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPSloPOST/metaAlias/idp"/>
        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://lb2.idp-example.com:1081/opensso/IDPSloSoap/metaAlias/idp"/>
        <ManageNameIDService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://lb2.idp-example.com:1081/opensso/IDPMniRedirect/metaAlias/idp"
            ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPMniRedirect/metaAlias/idp"/>
        <ManageNameIDService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://lb2.idp-example.com:1081/opensso/IDPMniPOST/metaAlias/idp"
            ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPMniPOST/metaAlias/idp"/>
        <ManageNameIDService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://lb2.idp-example.com:1081/opensso/IDPMniSoap/metaAlias/idp"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://lb2.idp-example.com:1081/opensso/SSORedirect/metaAlias/idp"/>
        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://lb2.idp-example.com:1081/opensso/SSOPOST/metaAlias/idp"/>
        <SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://lb2.idp-example.com:1081/opensso/SSOSoap/metaAlias/idp"/>
        <NameIDMappingService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://lb2.idp-example.com:1081/opensso/NIMSoap/metaAlias/idp"/>
        <AssertionIDRequestService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
            Location="https://lb2.idp-example.com:1081/opensso/AIDReqSoap/IDPRole/metaAlias/idp"/>
        <AssertionIDRequestService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"
            Location="https://lb2.idp-example.com:1081/opensso/AIDReqUri/IDPRole/metaAlias/idp"/>
    </IDPSSODescriptor>
</EntityDescriptor>

Entity descriptor was exported to file, web.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityConfig entityID="https://lb2.idp-example.com:1081/opensso"
    hosted="true" xmlns="urn:sun:fm:SAML:2.0:entityconfig">
    <IDPSSOConfig metaAlias="/idp">
        <Attribute name="wantNameIDEncrypted">
            <Value/>
        </Attribute>
        <Attribute name="AuthUrl">
            <Value/>
        </Attribute>
        <Attribute name="nameIDFormatMap">
            <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=</Value>
            <Value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos=</Value>
            <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName=</Value>
            <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName=</Value>
            <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail</Value>
        </Attribute>
        <Attribute name="cotlist">
            <Value>idpcot</Value>
        </Attribute>
        <Attribute name="saeIDPUrl">
            <Value>https://lb2.idp-example.com:1081/opensso/idpsaehandler/metaAlias/idp</Value>
        </Attribute>
        <Attribute name="idpAuthncontextClassrefMapping">
            <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value>
        </Attribute>
        <Attribute name="appLogoutUrl">
            <Value/>
        </Attribute>
        <Attribute name="idpAccountMapper">
            <Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper</Value>
        </Attribute>
        <Attribute name="autofedEnabled">
            <Value>false</Value>
        </Attribute>
        <Attribute name="signingCertAlias">
            <Value>test</Value>
        </Attribute>
        <Attribute name="assertionCacheEnabled">
            <Value>false</Value>
        </Attribute>
        <Attribute name="idpAuthncontextMapper">
            <Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper</Value>
        </Attribute>
        <Attribute name="assertionEffectiveTime">
            <Value>600</Value>
        </Attribute>
        <Attribute name="wantMNIResponseSigned">
            <Value/>
        </Attribute>
        <Attribute name="wantMNIRequestSigned">
            <Value/>
        </Attribute>
        <Attribute name="attributeMap">
            <Value>EmailAddress=mail</Value>
            <Value>Telephone=telephonenumber</Value>
        </Attribute>
        <Attribute name="discoveryBootstrappingEnabled">
            <Value>false</Value>
        </Attribute>
        <Attribute name="basicAuthUser">
            <Value/>
        </Attribute>
        <Attribute name="idpAttributeMapper">
            <Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper</Value>
        </Attribute>
        <Attribute name="idpECPSessionMapper">
            <Value>com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper</Value>
        </Attribute>
        <Attribute name="basicAuthPassword">
            <Value/>
        </Attribute>
        <Attribute name="basicAuthOn">
            <Value>false</Value>
        </Attribute>
        <Attribute name="wantLogoutResponseSigned">
            <Value/>
        </Attribute>
        <Attribute name="wantLogoutRequestSigned">
            <Value/>
        </Attribute>
        <Attribute name="encryptionCertAlias">
            <Value/>
        </Attribute>
        <Attribute name="wantArtifactResolveSigned">
            <Value/>
        </Attribute>
        <Attribute name="assertionNotBeforeTimeSkew">
            <Value>600</Value>
        </Attribute>
        <Attribute name="autofedAttribute">
            <Value/>
        </Attribute>
        <Attribute name="saeAppSecretList"/>
    </IDPSSOConfig>
</EntityConfig>

Entity configuration was exported to file, web.
Log out of the OpenSSO Enterprise console.
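Once the metadata has been saved to files, it can be reviewed for security-relevant settings before it is shared with a service provider. The following Python is an added example, not part of the original guide or of OpenSSO Enterprise: it reads the standard and extended metadata and lists settings a reviewer would check (unsigned AuthnRequests accepted, non-HTTPS endpoints, empty want...Signed flags, an empty encryption alias, the signing alias test). The function name review_metadata, the choice of checks, and the embedded XML (a constructed, abbreviated sample built from the values shown above) are assumptions of this example; it expects locally exported, trusted XML.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
CFG = "{urn:sun:fm:SAML:2.0:entityconfig}"
# Constructed, abbreviated samples built from values in the export shown above.
STANDARD = """<EntityDescriptor entityID="https://lb2.idp-example.com:1081/opensso"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://lb2.idp-example.com:1081/opensso/SSOPOST/metaAlias/idp"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
EXTENDED = """<EntityConfig entityID="https://lb2.idp-example.com:1081/opensso"
    hosted="true" xmlns="urn:sun:fm:SAML:2.0:entityconfig">
  <IDPSSOConfig metaAlias="/idp">
    <Attribute name="signingCertAlias"><Value>test</Value></Attribute>
    <Attribute name="encryptionCertAlias"><Value/></Attribute>
    <Attribute name="wantLogoutRequestSigned"><Value/></Attribute>
    <Attribute name="wantArtifactResolveSigned"><Value/></Attribute>
  </IDPSSOConfig>
</EntityConfig>"""

def review_metadata(standard_xml, extended_xml):
    """Return review findings for a hosted IdP's standard + extended metadata."""
    findings = []
    std, ext = ET.fromstring(standard_xml), ET.fromstring(extended_xml)
    if std.get("entityID") != ext.get("entityID"):
        findings.append("entityID differs between standard and extended metadata")
    for idp in std.iter(MD + "IDPSSODescriptor"):
        if idp.get("WantAuthnRequestsSigned", "false") != "true":
            findings.append("WantAuthnRequestsSigned is not true")
        for endpoint in idp:
            loc = endpoint.get("Location")
            if loc and not loc.startswith("https://"):
                findings.append(f"non-HTTPS endpoint: {loc}")
    # Map each extended attribute name to its non-empty values.
    attrs = {a.get("name"): [v.text.strip() for v in a.iter(CFG + "Value")
                             if v.text and v.text.strip()]
             for a in ext.iter(CFG + "Attribute")}
    # Assumption of this example: alias "test" denotes a sample key to replace.
    if attrs.get("signingCertAlias") == ["test"]:
        findings.append("signingCertAlias is 'test'")
    if not attrs.get("encryptionCertAlias"):
        findings.append("encryptionCertAlias is empty")
    for name in sorted(attrs):
        if name.startswith("want") and name.endswith("Signed") and attrs[name] != ["true"]:
            findings.append(f"{name} is not set to true")
    return findings
```

Call review_metadata with the contents of the two saved files; an empty list means none of these checks fired.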