SAML-Toolkits / php-saml

Simple SAML toolkit for PHP
MIT License

Where to find the metadata file once the SP info is completed in settings.php? #506

Closed raayyaa closed 1 year ago

raayyaa commented 2 years ago

Hi,

I filled in the SP info in my "settings.php" file but I still can't find the metadata.

My metadata.php file has not changed. Is it an XML file that is created? Or did I miss a step?

I thank you in advance for your help.

pitbulk commented 2 years ago

SP Metadata is created on the fly by getSPMetadata method. See an example of a file that generates SP metadata at the demo1/settings.php

raayyaa commented 2 years ago

Thank you for your answer. So are the metadata generated in the "metadata.php" file? Or is it a new xml file that appears on the server? I'm sorry I didn't understand where to find them.

And what does the metadata template in the "metadata.php" file do?

https://github.com/onelogin/php-saml/blob/d074a814c45b96fd69b0401493385a17e006c533/lib/Saml2/Metadata.php#L146

Thank you.

pitbulk commented 2 years ago

The method getSPMetadata is the one that generates the XML.

If you deploy metadata.php in a server and you access it via the browser, you will be able to see the SP metadata.

raayyaa commented 2 years ago

Hello, thank you, I finally have access to the metadata. I just have a question, I don't have the tags:

and yet I filled in a contact in the "advanced_settings.php" file. My metadata: urn:oasis:names:tc:SAML:1.1:nameid-format:.. Wouldn't that come from AuthnRequestsSigned="false"? I tried to set it to true, but the value doesn't want to change. Could you help me with this? Thank you very much.

pitbulk commented 2 years ago

You need to add the SP private key and SP public cert to the toolkit, and later, if you plan to sign SAML messages at the SP level, enable one of the Sign flags of the advanced settings.

Review the settings section: https://github.com/onelogin/php-saml#settings

raayyaa commented 2 years ago

Hello,

I have added the private key (sp.key) and the certificate (sp.crt) in the /cert folder and even enabled SAML message signing in the advanced settings file. It doesn't change anything: the x509 certificate doesn't appear and authnRequestsSigned is still "false".

What I did: added the certificate and the private key in the /cert folder. Added the information of the IdP and the SP in the "settings" file, and in the "advanced_settings" file I added the information of a contact and activated the signing of the SAML messages.

I think I am almost there, did I forget a step? I thank you for your precious help

pitbulk commented 2 years ago

The AuthnRequestsSigned value on the Metadata is controlled by the value of the $authnsign parameter of the builder, which is used in the getSPMetadata method and will have the value of $this->_security['authnRequestsSigned'].

Have you configured properly the authnRequestsSigned advanced setting?

raayyaa commented 2 years ago

Hello,

I set "authnRequestsSigned" to true. advanced setting l25

Here is my advanced parameter file with the changes I made.

I uncommented the "sign the metadata" part I added the 'x509cert' and the 'privatekey' and set the value "true" to 'signMetadata' line 74.

advanced setting l74

advanced setting l77

Thank you for your help.

pitbulk commented 1 year ago

I added the 'x509cert' and the 'privatekey' and set the value "true" to 'signMetadata' line 74.

'x509cert' and the 'privatekey' are the required values you need in order to sign the AuthNRequest

you don't need to enable the signMetadata value.

Is it also necessary to leave the "--BEGIN CERTIFICATE--" when filling in the certificate? The field accepts both options, with and without the headers.
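
The two points pitbulk makes above (AuthnRequestsSigned follows the authnRequestsSigned security setting, and x509cert plus privateKey must be present before any signing flag has an effect) in code, as an added example that is not part of the thread or of the php-saml project's own demo files. It assumes composer autoloading of onelogin/php-saml; the entityId, ACS URL and the certs/ file paths are constructed placeholders.

```php
<?php
// Added example: build the SP metadata from a settings array and check what
// the security settings produce, instead of reading metadata.php in a browser.
require_once __DIR__ . '/vendor/autoload.php';

use OneLogin\Saml2\Settings;

function buildSpMetadata(bool $signAuthnRequests): string
{
    $settingsInfo = [
        'strict' => true,
        'sp' => [
            'entityId' => 'https://sp.example.com/metadata',   // placeholder
            'assertionConsumerService' => [
                'url' => 'https://sp.example.com/acs',          // placeholder
            ],
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
            // Both values are required before any Sign flag changes the output.
            // PEM headers are optional; the toolkit accepts either form.
            'x509cert'   => file_get_contents(__DIR__ . '/certs/sp.crt'), // placeholder path
            'privateKey' => file_get_contents(__DIR__ . '/certs/sp.key'), // placeholder path
        ],
        'security' => [
            // This single flag drives AuthnRequestsSigned="true|false" in the metadata.
            'authnRequestsSigned' => $signAuthnRequests,
            // Not needed for AuthnRequestsSigned; it only adds a ds:Signature to the metadata.
            'signMetadata' => false,
        ],
    ];

    // spValidationOnly = true: only the sp block is validated, so the metadata
    // can be generated before the idp section is filled in.
    $settings = new Settings($settingsInfo, true);
    $metadata = $settings->getSPMetadata();

    // validateMetadata() returns an array of error strings; empty means valid.
    $errors = $settings->validateMetadata($metadata);
    if (!empty($errors)) {
        throw new RuntimeException('Invalid SP metadata: ' . implode(', ', $errors));
    }
    return $metadata;
}

$metadata = buildSpMetadata(true);

// The two things the thread was looking for in the XML.
$signedFlag = strpos($metadata, 'AuthnRequestsSigned="true"') !== false;
$hasCert    = strpos($metadata, 'X509Certificate') !== false;
fwrite(STDERR, sprintf("AuthnRequestsSigned=true: %s, KeyDescriptor present: %s\n",
    $signedFlag ? 'yes' : 'no', $hasCert ? 'yes' : 'no'));

header('Content-Type: text/xml');
echo $metadata;
```

If the certificate is missing from the output, the sp x509cert/privateKey values are what to check first; if only AuthnRequestsSigned is wrong, it is the security authnRequestsSigned flag.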