Description
This article describes how to generate Liferay SAML metadata from a web browser. SAML metadata in an XML file is configuration data required to automatically negotiate agreements between system entities, comprising identifiers, binding support and endpoints, certificates, keys, cryptographic capabilities and security and privacy policies. (See SAML V2.0 Metadata Guide.)

If a Liferay Portal or Digital Enterprise 7.0 instance has SAML enabled as either the SP or IdP, then the following steps can be performed to generate the metadata XML file.

Resolution
Any of the articles in the Additional Information section will contain specific steps on how to configure and enable SAML on your platform.
1. After this has been completed, open a web browser and navigate to the following URL:
- <{IP_ADDRESS} or {virtual host name}>/c/portal/saml/metadata
2. Save the XML file from the browser (click Save as...). Remember to use the same file name in the third party IdP or SP.

Below is a test example of SAML metadata in XML
format:<?xml version="1.0" encoding="UTF-8"?> <md:EntityDescriptor entityID="samlsp" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>OeS/FZEebCaJfq980NVrIWnEoLA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>bPBGfa7w40jHtab52olVr0wBST0RGbUx3QpJ/6Ivs8no42iuhDv790Cijc3UN5kjwr1SBLYo/1nl7ANTO5LBjd3TXMAASWydHbcgzYzqXA5Gx9F9BUlQx6rLZAK7GJWjHEU+zVqNSY51qHg3vKKsYXCXnfuxpr7huWfDu1qacOiIsN3qDHJ2ldchcs82BsBNqAmi5uDhppr2KSVNaodBk6FrrNyvrkZgMm+8JA52otipT1vYkoEz+32cqKWrbDVhSQvyqj0P3biU4N3ltJYBd/2wbkY/jUphWEuQ1LQPnWH7sGDvKdADO1AgIZK/ZNzxPDoeYeE3qPZrNkak83/klQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC3zCCAccCBgFFLbHcqzANBgkqhkiG9w0BAQUFADAzMREwDwYDVQQDDAhkZWF0aHJheTERMA8G A1UECgwIZGVhdGhyYXkxCzAJBgNVBAYTAlVTMB4XDTE0MDQwNDE3MDMyMloXDTE1MDMyNjE3MDMy MlowMzERMA8GA1UEAwwIZGVhdGhyYXkxETAPBgNVBAoMCGRlYXRocmF5MQswCQYDVQQGEwJVUzCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIPGFtPxD7NwveZVuTRurSEdwZUfhIl5QfHv P+V2dVpltIaN09fiUJPDwDWdq7FYYkIfJC/Xe+t2beRuceCc9kfIpP05xrTxLHDER3uFlGBXPe7o M92ea0kwrA39vS3HQI92IZ5OjS8LIdQpZcK3SJBDQRpjVyNCxJtGPZA1tA0F3KMHIAwxIBXvtQgN iRXPQifnB4XRSE45G3InyM3nPrZuEcfD06sL5JLkc2q1hD0jMWpRxMNepQA7fq+8eXSF4xsxsdvY jfbzllrXiMKlJwnxP8J+yN+Iw9rQsBeBzJpC6I3eN3aiFCvSXucJ6Ue2ayINuQWyDzKnCODGSEKc Fj8CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAOwuBUnI38pHn+h2/2S9KGG+MOcbZ+UuobezCW7sv bFnSpojMQvTabl0iVMWcSxQsbvWlPS3BAR8apwDGZNGJlMS+WPCX4MmvBitpaQQTiWj3HnuAo8jI URKa9i9XUrsQDXOP8LrXwizOgglUc5KMcVdX9ygQNAZPMbSJZ3XWtrqMbPNH+UlTbpAIP5e4ND1i 
nbyvcaF+hLfI5Sysz4cVxOc1i12KmKhJDl7pZp4kiviXLx6GurXn73IxYINVtEu83eEmJkabL5Ge vekdRnSaAmBeFyKgDLOz/ovapL5bBIgDIC5EmgP3+WHYLl7IMrl0HjZtdRQsGxrpGZf4EZ1XRg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><md:SPSSODescriptor AuthnRequestsSigned="true" ID="samlsp" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC3zCCAccCBgFFLbHcqzANBgkqhkiG9w0BAQUFADAzMREwDwYDVQQDDAhkZWF0aHJheTERMA8G A1UECgwIZGVhdGhyYXkxCzAJBgNVBAYTAlVTMB4XDTE0MDQwNDE3MDMyMloXDTE1MDMyNjE3MDMy MlowMzERMA8GA1UEAwwIZGVhdGhyYXkxETAPBgNVBAoMCGRlYXRocmF5MQswCQYDVQQGEwJVUzCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIPGFtPxD7NwveZVuTRurSEdwZUfhIl5QfHv P+V2dVpltIaN09fiUJPDwDWdq7FYYkIfJC/Xe+t2beRuceCc9kfIpP05xrTxLHDER3uFlGBXPe7o M92ea0kwrA39vS3HQI92IZ5OjS8LIdQpZcK3SJBDQRpjVyNCxJtGPZA1tA0F3KMHIAwxIBXvtQgN iRXPQifnB4XRSE45G3InyM3nPrZuEcfD06sL5JLkc2q1hD0jMWpRxMNepQA7fq+8eXSF4xsxsdvY jfbzllrXiMKlJwnxP8J+yN+Iw9rQsBeBzJpC6I3eN3aiFCvSXucJ6Ue2ayINuQWyDzKnCODGSEKc Fj8CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAOwuBUnI38pHn+h2/2S9KGG+MOcbZ+UuobezCW7sv bFnSpojMQvTabl0iVMWcSxQsbvWlPS3BAR8apwDGZNGJlMS+WPCX4MmvBitpaQQTiWj3HnuAo8jI URKa9i9XUrsQDXOP8LrXwizOgglUc5KMcVdX9ygQNAZPMbSJZ3XWtrqMbPNH+UlTbpAIP5e4ND1i nbyvcaF+hLfI5Sysz4cVxOc1i12KmKhJDl7pZp4kiviXLx6GurXn73IxYINVtEu83eEmJkabL5Ge vekdRnSaAmBeFyKgDLOz/ovapL5bBIgDIC5EmgP3+WHYLl7IMrl0HjZtdRQsGxrpGZf4EZ1XRg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.bravo.com:9443/c/portal/saml/slo_redirect"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://www.bravo.com:9443/c/portal/saml/slo_soap"/><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.bravo.com:9443/c/portal/saml/acs" index="1" 
isDefault="true"/></md:SPSSODescriptor></md:EntityDescriptor>
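
Before the saved file is imported on the partner IdP or SP, it can be checked with a short script. The following is an added example, not part of the original article or of Liferay's code: it flags SHA-1 algorithm URIs (the test metadata above uses rsa-sha1), non-HTTPS endpoints and unsigned request or assertion settings, and computes a SHA-256 fingerprint of each embedded certificate so both sides can compare it through a second channel. It does not validate the XML signature; the function name `audit_metadata`, the host name and the sample input are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WEAK_SUFFIXES = ("rsa-sha1", "dsa-sha1", "xmldsig#sha1")  # SHA-1 algorithm URIs
# Constructed sample shaped like the metadata above: made-up host name, and the
# "certificate" is placeholder bytes rather than a real X.509 certificate.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE = f"""<md:EntityDescriptor entityID="samlsp"
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI=""><ds:DigestMethod
    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
 </ds:SignedInfo></ds:Signature>
 <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {base64.b64encode(PLACEHOLDER_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="1" isDefault="true"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="http://sp.example.test/c/portal/saml/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def audit_metadata(xml_text):
    """Return (summary, findings) for one SAML EntityDescriptor document."""
    if "<!DOCTYPE" in xml_text:  # metadata needs no DTD; refuse entity tricks
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    findings = [f"weak algorithm: {el.get('Algorithm')}" for el in root.iter()
                if el.get("Algorithm", "").endswith(WEAK_SUFFIXES)]
    sp = root.find("md:SPSSODescriptor", NS)
    for attr in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        if sp is not None and sp.get(attr) != "true":
            findings.append(f"{attr} is not true")
    endpoints = [el.get("Location") for el in root.iter() if el.get("Location")]
    findings += [f"non-TLS endpoint: {loc}" for loc in endpoints
                 if not loc.startswith("https://")]
    # Fingerprint over the decoded bytes, for comparison through a second channel.
    prints = {hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
              for c in root.iterfind(".//ds:X509Certificate", NS)}
    return {"entityID": root.get("entityID"), "endpoints": endpoints,
            "cert_sha256": sorted(prints)}, findings
```

Calling `audit_metadata(open("metadata.xml").read())` on the saved file returns the same summary and findings list; the file name here is an assumption.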