Automatic import of SAML metadata lets administrators skip importing and updating metadata manually. The feature requires only a one-time setup, done in the Metadata Import Settings section of each SAML federation. The administrator does not need to publish each time an update occurs; instead, the system publishes automatically.
The metadata is fetched automatically from the URL defined in Download URL and the integrity of the metadata is verified using the Signature Verification Key. The auto import is scheduled according to the Cache Duration, if any. The metadata can also have an expiration date which can be configured in the Valid Until field.
Follow these steps to enable use of Automatic SAML Metadata Import:
1. Enter the correct URL in the Download URL field in Metadata Import Settings.
2. Upload the signing key of the metadata file as the Signature Verification Key in Metadata Import Settings.
3. Assuming that the other required settings for the SAML federation are complete, save the SAML federation and click publish. The publish link needs to be clicked manually the first time to activate automatic import.
After these steps are performed, the metadata is distributed in the SAML federation, meaning that identity providers appear in the Role Service Provider tab and service providers appear in the Role Identity Provider tab. The Cache Duration and Valid Until values, if any, are also updated from the latest fetched metadata.
Hint: If there are problems downloading the SAML metadata, read the Administration Service system log. The administrator may need to upload the SSL certificate for the Download URL as a CA certificate in the system to establish trust in that location.
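
How an importer can act on the Cache Duration and Valid Until values and sort entities by role, as described above. This is an added Python example, not the product's own code. It assumes the signature was already verified with the Signature Verification Key; plan_import, parse_duration, parse_instant and the sample entities are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
# Constructed sample metadata (hypothetical entities, not from a real federation).
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}"
    validUntil="2030-01-10T00:00:00Z" cacheDuration="PT6H">
  <md:EntityDescriptor entityID="https://idp.example.org/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

_DUR = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$")

def parse_duration(text):
    """Parse the day/time subset of xs:duration (e.g. PT6H, P1DT12H)."""
    m = _DUR.match(text)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported cacheDuration: {text!r}")
    d, h, mi, s = (float(g) if g else 0 for g in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)

def parse_instant(text):
    """Parse an xs:dateTime such as 2030-01-10T00:00:00Z into an aware datetime."""
    dt = datetime.fromisoformat(text.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def plan_import(xml_text, now):
    """Reject expired metadata, then return entities by role and the next fetch time."""
    # Assumption: xml_text already passed signature verification; parse only after that.
    root = ET.fromstring(xml_text)
    expires = parse_instant(root.get("validUntil")) if root.get("validUntil") else None
    if expires and now >= expires:
        raise ValueError("metadata expired (validUntil has passed); refusing import")
    cache = root.get("cacheDuration")
    next_fetch = now + parse_duration(cache) if cache else None
    if next_fetch and expires:
        next_fetch = min(next_fetch, expires)  # never keep metadata past its expiry
    roles = {"IDPSSODescriptor": [], "SPSSODescriptor": []}
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):  # also matches a single-entity root
        for role, ids in roles.items():
            if ent.find(f"{{{MD}}}{role}") is not None:
                ids.append(ent.get("entityID"))
    return {"idps": roles["IDPSSODescriptor"], "sps": roles["SPSSODescriptor"], "next_fetch": next_fetch}
```

Enforcing validUntil at import time keeps a stale but correctly signed metadata file from being replayed into the federation.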