How to generate Metadata XML

Daniel Malkmus

Jun 30, 2025, 7:08:46 PM
to SimpleSAMLphp
I have installed and configured SimpleSAMLphp for the very first time. I want to use it as IdP to authenticate against our MS AD / LDAP server. This LDAP configuration and test auth works well on the first shot.
Then I have configured the first SP. In the config panel of the 3rd-party service provider I have to paste a METADATA-XML-URL.
I fail because I don't know how to generate the XML metadata file.
If I click on the configured SP in the Federation tab, I can only view a dump of the PHP config arrays.

Can somebody take me by the hand and step me through it?

Kind regards, Daniel

monk...@gmail.com

Jun 30, 2025, 9:43:35 PM
to SimpleSAMLphp
Hi,

  In the admin/federation page you should see your new IdP listed. There should be a little up/down arrow just under that IdP entry which if expanded should offer the SAML metadata "You can get the metadata XML on a dedicated URL:" which is followed by the URL to load the XML metadata?

  If you are using a third party SP it should be happy with that XML file to get to know the IdP? You will likely also have to make sure the SP and IdP know about each other in their configuration files.

Daniel Malkmus

Jul 1, 2025, 9:23:25 PM
to SimpleSAMLphp
Hi,
There isn't any entry under HOSTED ENTITIES. I have configured the IdP in the config file saml20-idp-hosted.php.

config.php

    /*************
     | PROTOCOLS |
     *************/

    /*
     * Which functionality in SimpleSAMLphp do you want to enable. Normally you would enable only
     * one of the functionalities below, but in some cases you could run multiple functionalities.
     * In example when you are setting up a federation bridge.
     */
    'enable.saml20-idp' => true,
    'enable.adfs-idp' => false,

saml20-idp-hosted.php

<?php

/* <-- SNIPP --> */

//$metadata['urn:x-simplesamlphp:api.everlite.de'] = [
$metadata['api.everlite.de/simplesaml'] = [
    /*
     * The hostname of the server (VHOST) that will use this SAML entity.
     *
     * Can be '__DEFAULT__', to use this entry by default.
     */
    'host' => 'api.everlite.de',

    // X.509 key and certificate. Relative to the cert directory.
    'privatekey' => 'api.everlite.de.pem',
    'certificate' => 'api.everlite.de.crt',

    /*
     * Authentication source to use. Must be one that is configured in
     * 'config/authsources.php'.
     */
    //'auth' => 'example-userpass',
    'auth' => 'everlite-ldap',

    /* Uncomment the following to use the uri NameFormat on attributes. */
    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    'authproc' => [
        // Convert LDAP names to oids.
        100 => ['class' => 'core:AttributeMap', 'name2oid'],
    ],

/* <-- SNAPP --> */


Daniel Malkmus

Jul 3, 2025, 8:34:00 PM
to SimpleSAMLphp
I just threw everything away and set it up anew. Now it works.