
SAML 2.0 config - How to change endpoints in metadata XML file

jill_diesman
Participant

Hello,

After configuring SAML 2.0 authentication on our ERP system, I realized that I needed to create a new virtual host, under which my SAML-protected services and aliases would sit. I created a new domain name for this virtual host, saml2.host.domain.edu.

My problem now is that my ADFS admin requested that I re-create the service provider metadata XML file to reflect the new endpoints. I have not determined how to do this. In the browser-based SAML2 configuration screens, I do not find a way to indicate which endpoints to use.

Any help is much appreciated.

Best regards,
Jill

Accepted Solutions (1)

jill_diesman
Participant

Rather than switch over to using a proxy or Web Dispatcher, I did the following:

  1. Under my new Virtual Host, saml2_host, I copied all of the services related to SAML2 Configuration, making sure to check the Handler List for each service.


  2. Under my new Virtual Host, saml2_host, I created a new External Alias: "/sap/saml2". This External Alias is based off the one by the same name under default_host. I selected its "Trg Element" as saml2_host > sap > public > bc > sec > saml2.


  3. In my browser, I called up the SAML2 configuration using the URL with my new domain name: https://saml2.host.domain.edu/sap/bc/webdynpro/sap/saml2?sap-client=&sap-language=EN

  4. From here I was able to download the service provider metadata XML file, which I then passed along to my colleague managing the Identity Provider side of things.

I hope this solution might be of use to others.

Cheers,
Jill

Answers (1)

geferson_hess
Participant

Hi Jill,

To generate the metadata file with the correct endpoints, it's necessary to access the SAML2 configuration page using the desired host:port.

KBA 2326063 explains it when a proxy is used.

Regards,
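Both the accepted solution above and this answer come down to the same point: the ABAP system writes whatever host it was called on into the SP metadata, so the file must be regenerated from the new virtual host and then checked before the IdP admin imports it. The following script is an added example, not code from this thread and not SAP code. It parses SP metadata, lists every endpoint in the SPSSODescriptor and reports any Location whose scheme or host:port does not match the host the IdP side expects. The two embedded metadata documents are constructed: the entity ID "ERP_PRD_100", the old host "erp.domain.edu", client 100 and the endpoint paths are assumptions; "saml2.host.domain.edu" is the host from the question.

```python
"""Verify that SAML 2.0 service-provider metadata points at the intended host.

Added example (not from the forum thread, not SAP code). After regenerating
the SP metadata from the new virtual host, run a check like this before
handing the file to the IdP (ADFS) admin: every endpoint Location must sit on
the expected scheme and host:port, otherwise the IdP keeps posting assertions
to the old host. Host names, paths and entity IDs below are constructed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
DEFAULT_PORTS = {"https": 443, "http": 80}


def _make_sample(host: str) -> str:
    """Constructed SP metadata in the shape an ABAP system emits (client 100 assumed)."""
    return f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="ERP_PRD_100">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://{host}/sap/saml2/sp/slo/100"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://{host}/sap/saml2/sp/acs/100"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


# Metadata as it would look when generated from the old default host (assumed
# name) versus from the new virtual host named in the question.
METADATA_OLD_HOST = _make_sample("erp.domain.edu")
METADATA_NEW_HOST = _make_sample("saml2.host.domain.edu")


def _normalize(netloc: str, scheme: str = "https") -> tuple[str, int]:
    """Lower-case host plus an explicit port, so 'h' and 'h:443' compare equal."""
    host, _, port = netloc.lower().partition(":")
    return host, (int(port) if port else DEFAULT_PORTS[scheme])


def sp_endpoints(metadata_xml: str) -> list[tuple[str, str, str]]:
    """Return (element name, binding, location) for each endpoint of the SP descriptor."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", MD_NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor found; is this IdP metadata instead of SP metadata?")
    endpoints = []
    for el in sp:
        location = el.get("Location")
        if location:  # skips KeyDescriptor, NameIDFormat and other non-endpoint children
            name = el.tag.split("}", 1)[-1]
            endpoints.append((name, el.get("Binding", ""), location))
    return endpoints


def entity_id(metadata_xml: str) -> str:
    """The entityID the IdP admin will see when importing the file."""
    return ET.fromstring(metadata_xml).get("entityID", "")


def check_endpoints(metadata_xml: str, expected_host: str) -> list[str]:
    """Return a list of problems; an empty list means the metadata is fit to hand over."""
    want_host, want_port = _normalize(expected_host)
    problems = []
    endpoints = sp_endpoints(metadata_xml)
    if not any(name == "AssertionConsumerService" for name, _, _ in endpoints):
        problems.append("no AssertionConsumerService endpoint at all")
    for name, binding, location in endpoints:
        url = urlsplit(location)
        if url.scheme != "https":
            problems.append(f"{name}: {location} is not https; assertions would travel in clear")
            continue
        got_host, got_port = _normalize(url.netloc, url.scheme)
        if (got_host, got_port) != (want_host, want_port):
            short_binding = binding.rsplit(":", 1)[-1]
            problems.append(f"{name} ({short_binding}): {location} is on "
                            f"{got_host}:{got_port}, expected {want_host}:{want_port}")
    return problems


if __name__ == "__main__":
    for label, xml in (("old default host", METADATA_OLD_HOST),
                       ("new virtual host", METADATA_NEW_HOST)):
        issues = check_endpoints(xml, "saml2.host.domain.edu")
        print(f"{label}: entityID={entity_id(xml)} -> {'OK' if not issues else issues}")
```

Run it against the metadata file you actually downloaded (read it into a string and pass it to check_endpoints with the virtual host's FQDN, including the port if it is not 443); a clean result means the ACS and SLO locations are the ones the IdP must trust. The https check is there because ADFS will be posting signed assertions to the ACS URL, and a plain-http endpoint in the metadata is the first thing to catch before the file leaves your hands.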

jill_diesman
Participant

Hello Geferson,

Thank you for replying to my question. I will try this solution using our Web Dispatcher system.

And I am curious... Given that I have created a Virtual Host and am using a new domain name for it, would you say that using a proxy/web dispatcher is the required way to handle it?

Best regards,
Jill

geferson_hess
Participant

Hi Jill,

No. The idea of the KBA is just to illustrate how you can get the correct entry points for the Metadata file.
The idea is to access the SAML service with the correct URL (in your case the Virtual Host one) and then generate the Metadata file.

Cheers.


jill_diesman
Participant

Thank you for the clarification, Geferson.

Regards,
Jill