Get SAML 2.0 IdP Metadata via Parameter

Tenant administrator can get the SAML 2.0 metadata via specific parameters.

Prerequisites

The information in this document is valid only for SAML 2.0 applications.

Context

You can get the SAML 2.0 tenant metadata containing the identity provider (IdP) certificate by calling the https://<tenant ID>.<tenant domain>/saml2/metadata end point and providing one of the following parameters:

Parameters

Parameter

Value

sp_name

The value is the name of the application as it appears in the Name field in the SAML 2.0 Configuration screen in the administration console.

Note:

If you had added a second signing certificate in the administration console tenant settings for a specific service provider (SP), and you chose one of the certificates to be used for that SP, you can retrieve the SAML 2.0 of the Identity Provider (IdP) metadata for that SP, containing the chosen IDP certificate by providing the SP name in the sp-name parameter.

certificates

all - gets both signing certificates configured for the tenant

Remember:

If you get the metadata with both certificates to update the trust on the identity provider side, information for the second certificate will be used only.
default - gets only the default signing certificate configured for the tenant
non-default - gets only the non-default signing certificate configured for the tenant

Note:

Tenant ID is an automatically generated ID by the system.

The domain can be accounts.ondemand.com or accounts.cloud.sap

Example:

https://mytenant.accounts.ondemand.com/saml2/metadata?sp_name=myapplication or https://mytenant.accounts.sap.cloud/saml2/metadata?sp_name=myapplication

https://mytenant.accounts.ondemand.com/saml2/metadata?certificates=all or https://mytenant.accounts.sap.cloud/saml2/metadata?certificates=all