Editing A Saml 1.1 Service Provider's Metadata - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


Source ID: The SAML Source ID for the trusted provider. The Source ID is a 20-byte value
that is used as part of the Browser/Artifact profile. It allows the receiving site to determine the
source of received SAML artifacts. If none is specified, the Source ID is auto-generated by
using a SHA-1 hash of the site provider ID.
Metadata expiration: The date upon which the metadata is no longer valid.
SAML attribute query URL: The URL location where an attribute query is to be sent to the
partner. The attribute query requests a set of attributes associated with a specific object. A
successful response contains assertions that contain attribute statements about the subject. A
SAML 1.1 provider might use the base URL, followed by /saml/soap. For example,
https://<dns>:8443/nidp/saml/soap. Replace <dns> with the DNS name of the provider.
In the metadata, this URL value is found in the AttributeService section of the metadata.
Artifact resolution URL: The URL location where artifact resolution queries are sent. A
SAML artifact is included in the URL query string. The target URL on the destination site the
user wants to access is also included on the query string. A SAML 1.1 provider might use the
base URL, followed by /saml/soap. For example, https://<dns>:8443/nidp/saml/soap.
Replace <dns> with the DNS name of the provider.
In the metadata, this URL value is found in the ArtifactResolutionService section of the
metadata.
6 To specify signing certificate settings, fill in the following fields:
Attribute authority: Specifies the signing certificate of the partner SAML 1.1 attribute
authority. The attribute authority relies on the identity provider to provide it with authentication
information so that it can retrieve attributes for the appropriate entity or user. The attribute
authority must know that the entity requesting the attribute has been authenticated to the
system.
Identity provider: (Required) Appears if you are editing identity provider metadata. This field
specifies the signing certificate of the partner SAML 1.1 identity provider. It is the certificate
the partner uses to sign authentication assertions.
7 Click OK.
8 On the Identity Servers page, click Update All to update the configuration.
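An added example, not from the Novell guide: how a receiving site can use the Source ID field described above to determine which trusted provider sent a SAML 1.1 type 0x0001 artifact (2-byte type code, 20-byte Source ID, 20-byte assertion handle, base64-encoded). The provider IDs, the sample handle, and the UTF-8 encoding of the provider ID before hashing are assumptions.

```python
import base64
import hashlib

TYPE_CODE = b"\x00\x01"   # SAML 1.1 type 0x0001 artifact
SOURCE_ID_LEN = 20        # the Source ID is a 20-byte value
HANDLE_LEN = 20           # assertion handle length for type 0x0001


def source_id_for(provider_id: str) -> bytes:
    """Auto-generated Source ID: SHA-1 hash of the site provider ID (UTF-8 assumed)."""
    return hashlib.sha1(provider_id.encode("utf-8")).digest()


def build_artifact(provider_id: str, handle: bytes) -> str:
    """Build a type 0x0001 artifact; used here only to create sample input."""
    if len(handle) != HANDLE_LEN:
        raise ValueError("assertion handle must be 20 bytes")
    raw = TYPE_CODE + source_id_for(provider_id) + handle
    return base64.b64encode(raw).decode("ascii")


def identify_source(artifact_b64: str, trusted: dict) -> str:
    """Return the trusted provider ID that issued the artifact, or raise ValueError."""
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("artifact is not valid base64") from exc
    if len(raw) != 2 + SOURCE_ID_LEN + HANDLE_LEN:
        raise ValueError("unexpected artifact length")
    if raw[:2] != TYPE_CODE:
        raise ValueError("unsupported artifact type code")
    provider = trusted.get(raw[2:2 + SOURCE_ID_LEN])
    if provider is None:
        # Never resolve an artifact whose source is not a configured partner.
        raise ValueError("artifact Source ID does not match any trusted provider")
    return provider


# Constructed sample data: two hypothetical trusted providers and one artifact.
PROVIDERS = ["https://idp.example.com:8443/nidp/saml/metadata",
             "https://partner.example.org/saml"]
TRUSTED = {source_id_for(p): p for p in PROVIDERS}
SAMPLE_HANDLE = bytes(range(20))
SAMPLE_ARTIFACT = build_artifact(PROVIDERS[0], SAMPLE_HANDLE)

if __name__ == "__main__":
    print(identify_source(SAMPLE_ARTIFACT, TRUSTED))
```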

7.7.4 Editing a SAML 1.1 Service Provider's Metadata

Access Manager allows you to obtain metadata for SAML 1.1 providers. However, metadata for
SAML 1.1 might not be available for some trusted providers, so you can enter the metadata
manually. The page for this is available if you clicked the Manual Entry option when you
created the trusted provider.
For conceptual information about how Access Manager uses SAML, see Appendix B,
"Understanding How Access Manager Uses SAML," on page 363.
1 In the Administration Console, click Devices > Identity Servers > Edit > SAML 1.1 > [Service
Provider] > Metadata.
You can reimport the metadata (see Step 2) or edit it (see Step 3).
2 To reimport the metadata, click Reimport on the View page.
Follow the on-screen instructions to complete the steps in the wizard.
3 To edit the metadata manually, click Edit.
