Service Provider Metadata
Last updated on
8 January 2026
Provide the module metadata to IdP:
-
Service Provider Metadata is an XML document that contains the necessary information, such as the Entity ID, ACS URL, X.509 Certificate, and supported SAML bindings for interaction with the Identity Provider. The Service Provider Metadata tab of the module allows you to provide metadata in three different formats, as supported by the IdP.
- For configuring miniOrange on your IdP, you have two options :
- URL Format:
https://{your_base_url}/saml_metadata - Using XML File: Download the file using the Download XML Metadata button.
- Manual: Below is a quick overview of the SAML attributes that should be configured on the Identity Provider to establish trust for authentication. You can copy the attribute values and provide them to the IdP.
- URL Format:
|
Description | |
| SP Entity ID/Issuer | It is the ID used by the Identity Provider to uniquely identify the service provider. | |
| SP ACS URL, Recipient URL, Destination URL | It is the URL of the service provider that is requesting the assertion from the identity provider. | |
| Single Logout URL | This is the URL of the service provider where the IdP sends its sign-out response. | |
| X.509 Certificate | X.509 Certificate is used by the IdPs to validate the requests. Some IdPs mandate the SPs to send signed requests so that they can verify that the requests are coming from the expected SPs. | |
| NameID Format | NameID Format determines how users at the Identity Provider are mapped to users at the Service Provider during SSO. Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
Additional Settings:
- Change SP Base URLs (Optional)
- On the same page below the SP metadata, there is an option to change the base URL and the Entity ID of the Service Provider. Updating any of these will also update URLs in the metadata so you need to re-configure SP metadata in IdP again.
- SP Base URL: All SAML endpoints of the service provider are generated based on the base URL of the site. If a different base URL is needed, use this option.
- SP Entity ID: Entity ID used by the Identity Provider to uniquely identify the service provider. Use this option if you want a different value than the default value.
- On the same page below the SP metadata, there is an option to change the base URL and the Entity ID of the Service Provider. Updating any of these will also update URLs in the metadata so you need to re-configure SP metadata in IdP again.
- Authentication Security
- This option secures authentication by signing requests and requiring signed assertions, ensuring data integrity and preventing tampered or untrusted responses.
- Sign Authentication Requests: This ensures that all authentication requests sent by the module are signed.
- Require Signed Assertions: If you select True for this option, then a signed assertion is required from the IdP.
- This option secures authentication by signing requests and requiring signed assertions, ensuring data integrity and preventing tampered or untrusted responses.
- Metadata organization details (Optional)
- This section allows you to customize the organization details in the Service Provider metadata. Updating these details will also update the SP metadata, so you will need to reconfigure the SP metadata in the IdP
Configurable Options:
- Organization Name
- Organization display name
- Organization URL
- Technical contact person name
- Technical contact person email
- Support contact person name
- Support contact email
Back to topHelp improve this page
Page status: No known problems
You can:
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
