The easiest way to trust a SAML 2.0 service provider is to import its metadata XML file. The metadata XML file includes the following:
Address and name of the service provider
List of endpoint configurations the service provider supports
Public-key certificates for decryption and checking of the service provider's digital signature
This procedure explains how to access the metadata XML file of the service provider of the SAP NetWeaver Application Server (AS) Java.
The SAML service provider is enabled.
You have configured the endpoints for Single Sign-On (SSO), Single Log-Out (SLO), artifacts, and SOAP you want to support. Any endpoints you configure later require you to manually reconfigure your identity provider or reimport the metadata XML file.
You have determined how you want to access the metadata XML file.
The hostname and protocol generated for the service provider endpoints in the metadata XML file are the same as the hostname and protocol you use to access the metadata XML file. Use the same hostname and protocol you expect the identity provider to use, when it accesses the service provider endpoints. If you use a hostname that the identity provider cannot resolve, or a protocol that the identity provider cannot use, connections from the identity provider fail.
You have the following options for accessing the metadata XML file:
Download the metadata XML file from the AS Java.
Access the URL of the metadata XML file on the AS Java.
You have determined whether metadata must be digitally signed or not.
A digital signature ensures that other systems that trust the service provider check that the metadata XML really comes from that service provider.
For more information about signing the metadata XML, see Adding Digital Signatures to Metadata .
If others are meant to access the metadata XML URL, you must have enabled public access.
For more information, see Enabling Access to the SAML 2 Metadata XML File URL .
Optionally, you have configured any contact information.
For more information, see Adding Contact Data to the Metadata XML .
Downloading the Metadata XML File
Start SAP NetWeaver Administrator with the quick link /nwa/auth .
Choose the Download Metadata pushbutton.
If you require the metadata to be signed, you have the option to select another public-key certificate to sign the metadata. Use this option if you already have another method of trust set up to sign the metadata instead of the provider certificate.
To use this option clear the Use Provider Signing Keypair checkbox and select the required keystore entry.
Choose Download Metadata and save the XML file.
Accessing the URL of the Metadata XML File
When configuring the service providers you want your SAML identity provider to trust, enter the following URL for the AS Java host system:
https:// <hostname> : <port> /saml2/metadata
To access the metadata XML file with HTTP, you must enable HTTP access to the SAML service provider.
For more information, see Enabling HTTP Access to SAML Endpoints .