Adding SAML 2.0 metadata

SAML 2.0 metadata is the configuration information that tells the Feide login system how to talk to your service. See our reference documentation for more information.

All SAML 2.0 services must have one or more metadata entries registered. Each entry represents a separate instance of the service.

In some cases, the service only needs a single metadata entry, which covers all users of the service. In other cases, the service design requires you to add a separate metadata entry for each organization using the service. The latter is typically the case where you have a separate domain for each organization.

Federation

There are two federations you can add metadata to in Feide: the Feide production environment and the Feide test environment.

The Feide test environment is located at https://idp-test.feide.no, and is available for testing services. You can also add production metadata for our production environment at https://idp.feide.no, but it will not be active until the service is approved for production.

XML metadata

SAML 2.0 metadata is configured in an XML format. This is typically provided by the SAML 2.0 software / library used in the service.

In some cases the metadata is provided as two or three separate pieces of information (entityID, AssertionConsumerService and SingleLogoutService). In that case, you can use the “Generate metadata” button to generate XML metadata from that information.
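How those two or three values map onto service provider metadata XML, as an added example that is not Feide's own code and not necessarily what the “Generate metadata” button produces. The bindings (HTTP-POST for AssertionConsumerService, HTTP-Redirect for SingleLogoutService), the https-only check and the sample URLs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
# Assumed bindings; use the ones your SAML software actually implements.
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", MD_NS)


def _require_https(label, url):
    # Assumption of this example: endpoints that carry assertions use TLS.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{label} must be an absolute https URL: {url!r}")
    return url


def build_sp_metadata(entity_id, acs_url, slo_url=None):
    """Return SP metadata XML built from the two or three separate values."""
    if not entity_id or not entity_id.strip():
        raise ValueError("entityID must not be empty")
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD_NS}}}SPSSODescriptor",
                       {"protocolSupportEnumeration": SAML_PROTOCOL})
    # Schema order: SingleLogoutService precedes AssertionConsumerService.
    if slo_url is not None:
        ET.SubElement(sp, f"{{{MD_NS}}}SingleLogoutService",
                      {"Binding": BINDING_REDIRECT,
                       "Location": _require_https("SingleLogoutService", slo_url)})
    ET.SubElement(sp, f"{{{MD_NS}}}AssertionConsumerService",
                  {"Binding": BINDING_POST, "index": "0",
                   "Location": _require_https("AssertionConsumerService", acs_url)})
    return ET.tostring(root, encoding="unicode")


def read_endpoints(xml_text):
    """Parse metadata you generated back into its values, to check before upload."""
    root = ET.fromstring(xml_text)
    ns = {"md": MD_NS}
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", ns)
    slo = root.find("md:SPSSODescriptor/md:SingleLogoutService", ns)
    return {"entityID": root.get("entityID"),
            "acs": acs.get("Location") if acs is not None else None,
            "slo": slo.get("Location") if slo is not None else None}


if __name__ == "__main__":  # constructed sample values, not a real service
    print(build_sp_metadata("https://sp.example.org/saml", "https://sp.example.org/saml/acs"))
```

Reading the values back with `read_endpoints` before registering the entry catches a mistyped entityID or endpoint, which would otherwise only show up as a failed login.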

Test users

For Feide we have two separate organizations with test users – the “Service Provider” organization and the “Feide” organization. You can enable login with test users from those organizations using the check boxes here.

Note

Remember to deactivate test users for your production service when you are not using them. The test users are publicly known, so others may be able to use the test users to access your service.

Restricting access

If you have multiple instances / metadata entries for the service, where only one organization should be able to use a given instance, you can configure this using the “Limit which organizations can log into this instance” checkbox.