Generating the identity provider metadata

Use your enterprise IdP user interface to generate the identity provider SAML metadata file.

CDP has the following requirements for the identity provider SAML metadata file:

  • The file must be a valid XML file.
  • The metadata must include at least one IDPSSOdescriptor element.
  • The metadata must contain information about at least one valid x.509 certificate that can be used to verify signed assertions.

The following XML file example shows the elements to include in the identity provider SAML metadata file:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.IdP.com/entity_ID">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:X509Data><ds:X509Certificate>full_x509-certificate_string</ds:X509Certificate></ds:X509Data>
         </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
           Location="https://application.IdP.com/app/.../sso/saml"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
           Location="https://application.IdP.com/app/.../sso/saml"/>
   </md:IDPSSODescriptor>
</md:EntityDescriptor>