Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

SAML – spmetadata.xml file

Solved1.85K views5th April 2021SAML
2
Jamie Stutz [SLC] [DevOps Member]1.18K 17th March 2021 0 Comments

Hi Dojo! Looking at the Help File entry Configuring external authentication via an identity provider using SAML, there is mention of two files that need to be referenced: ipMetadata.xml and spMetadata.xml. We have received the ipmetadata.xml file from our identity provider, but they say the spMetadata.xml file should be generated by DataMiner. Problem is, I don't see how to do that or know what's supposed to be in the file. Thoughts?

Jamie Stutz [SLC] [DevOps Member] Selected answer as best 5th April 2021

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
1
Rui Camacho [SLC] [DevOps Member]111 Posted 31st March 2021 1 Comment

Hi Jamie,

Service Provider metadata files should indeed be generated at Skyline.

The contents of this file vary from customer to customer and depend on the IdP metadata and their internal setup.

Here's why (you can skip to TLDR too):

The image above represents the HTTP exchange that occurs between each participant during a SSO. In our case the Service Provider is DataMiner. When not using the HTML5 apps, CUBE assumes the role of the browser.

However, SP and IdP are distinct independent systems. In order to be able to talk to each other, they have to establish a trust relationship.
This is achieved with the metadata files, where each file describes their entity configuration, so that a basis for communication can be found.

This is an SP metadata example similar to one deployed at one of our customers:

The important settings are:

EntityID - The identifier name for the Service Provider (the IdP looks at this to distinguish between talking to multiple SPs).
AuthnRequestsSigned - Whether the SAML requests made by DataMiner should be signed.
WantAssertionsSigned - Whether DataMiner wants the received SAML assertions to be signed by the IdP.
AssertionConsumerService - The endpoint(s) address at the Service Provide (DMA) to where the IdP will send its assertions.

TLDR:

With minimal SSO and SAML knowledge, the deployer or account manager heading the configuration should be able to easily compose an SP Metadata file which complies with both DataMiner and the IdP supported configurations.

There are good service provider metadata generator tools that can be used, i.e. https://www.samltool.com/sp_metadata.php

Alternatively these can be created manually too. The example above serves already as a reasonable template.

Remarks regarding configuration support:

  • Does not support Signing of AuthnRequest message but it's coming soon.
  • Only asymmetric algorithms for digital signatures are supported for now (ex RSA).

Finally, there will be SAML explained/tutorial videos coming up soon here on Dojo. So keep an eye out.

Jamie Stutz [SLC] [DevOps Member] Posted new comment 5th April 2021
Jamie Stutz [SLC] [DevOps Member] commented 5th April 2021

Thanks Rui! Very helpful.

Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs