RapidIdentity Administrators' and Users' Guide

RapidIdentity IdP Configuration

The Identity Provider Configuration page contains the IdP's URLs, links to download metadata and certificate information, the certificate fingerprint, and an option to ensure a consistent client address. This page provides administrators with their Registered Identity Provider information for user authentication in web applications.

Expand Identity Providers from the Left Menu Items, and click IDP Configuration.

The current Identity Provider Configuration will be displayed in the workspace. For details, refer to the table below.

Field: Description

Entity ID: The SAML EntityID of the Identity Provider.

Base URL: The base URL to the IdP.

Logout URL: The IdP's logout URL.

Live Metadata URL: The URL to view the metadata associated with the provider, which allows the remote vendor to access the metadata at any time.

Metadata: Click to download the registered metadata for the Identity Provider to save as an XML file.

Signing Certificate .PEM File: Click to download the (.PEM) encryption certificate used by the Identity Provider.

Signing Certificate .CER File: Click to download the (.CER) signing certificate used by the Identity Provider.

Certificate Fingerprint: The SHA1 fingerprint of the IdP's signing and encryption certificate.

Ensure Consistent Client Address Checkbox: When this box is checked, the client address is maintained across clustering: the cookie is bound to a particular client IP address and is only considered valid when used from that same IP address. This box should remain unchecked if the IdP is behind a load balancer whose own IP address can change over time (e.g. AWS ELB).

The box should also be unchecked when users are required to re-authenticate and an error message states that a cookie was sent from one address but issued to another address. Sample error message:

[WARN] 2015-09-10 09:24:22.597 RapidIdentity Federation - Client sent a cookie from address xxx.xxx.xxx.xxx but the cookie was issued to address xxx.xxx.xxx.xxx
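Before unchecking the box, it helps to see whether the address-mismatch warnings come from one repeated address pair or from isolated clients. The following is an added example, not RapidIdentity code: the line pattern is inferred from the single sample message above, the log lines are constructed, and the repeat threshold and the load-balancer heuristic are assumptions.

```python
import re
from collections import Counter

# Pattern for the warning shown above; layout taken from that one sample line.
MISMATCH = re.compile(
    r"^\[WARN\] (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"RapidIdentity Federation - Client sent a cookie from address (?P<sent>\S+) "
    r"but the cookie was issued to address (?P<issued>\S+)\s*$"
)

# Constructed sample log (documentation-range addresses), not real output.
SAMPLE_LOG = """\
[WARN] 2015-09-10 09:24:22.597 RapidIdentity Federation - Client sent a cookie from address 198.51.100.7 but the cookie was issued to address 198.51.100.4
[INFO] 2015-09-10 09:24:23.010 RapidIdentity Federation - unrelated line
[WARN] 2015-09-10 09:24:25.113 RapidIdentity Federation - Client sent a cookie from address 198.51.100.7 but the cookie was issued to address 198.51.100.4
[WARN] 2015-09-10 09:25:01.450 RapidIdentity Federation - Client sent a cookie from address 198.51.100.7 but the cookie was issued to address 198.51.100.4
[WARN] 2015-09-10 09:31:40.002 RapidIdentity Federation - Client sent a cookie from address 203.0.113.50 but the cookie was issued to address 192.0.2.18
"""

def parse_mismatches(text):
    """Return (timestamp, issued_to, sent_from) for every mismatch warning."""
    events = []
    for line in text.splitlines():
        m = MISMATCH.match(line.strip())
        if m:
            events.append((m["ts"], m["issued"], m["sent"]))
    return events

def triage(events, repeat_threshold=3):
    """Split (issued, sent) address pairs into repeated and isolated ones.

    Assumption: behind a load balancer every client appears to come from
    the balancer, so an address change there repeats the same pair across
    many requests. Pairs below the threshold are left for individual review.
    """
    pairs = Counter((issued, sent) for _, issued, sent in events)
    repeated = {p: n for p, n in pairs.items() if n >= repeat_threshold}
    isolated = {p: n for p, n in pairs.items() if n < repeat_threshold}
    return repeated, isolated

if __name__ == "__main__":
    repeated, isolated = triage(parse_mismatches(SAMPLE_LOG))
    for (issued, sent), n in repeated.items():
        print(f"{n}x {issued} -> {sent}: likely proxy/load-balancer address change")
    for (issued, sent), n in isolated.items():
        print(f"{n}x {issued} -> {sent}: review this client individually")
```

The warning carries no user or session identifier, so the counts are occurrences of an address pair, not distinct users.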

The Delete Configuration function should be used only if there is an issue with the IdP configuration, such as a mismatch of IP address or a change to the DNS name, as the IdP configuration will be deleted and must be reconfigured completely.

Caution

Deleting an IdP configuration will also result in deleting all SAML Relying Party configurations and will require reconfiguration of the IdP, Relying Parties, and all federated Service Providers.