Problem

We need SAML SSO to provide different, specific metadata for each of our identity providers. This makes it possible, for example, to activate encryption or single logout for only some configurations.


Solution

Starting with SAML SSO 6.3.0, we added the option to have metadata URLs for specific IdP configurations, e.g. https://<your baseurl>/plugins/servlet/samlsso/metadata?idp=1 for the IdP with id 1.

You can still access the general metadata via https://<your baseurl>/plugins/servlet/samlsso/metadata. It can also be configured separately.



General Settings

You can find the general metadata options via Service Provider. There you can add the signing and encryption certificate, as well as the single logout URLs, to the metadata.

Additionally, you can set the value for WantAssertionSigned and AuthRequestSigned. Don't forget to save when changing these. You must also reload the metadata on your identity provider for the change to take effect.


Individual Metadata URL per Identity Provider

With SAML SSO 6.3.x, the metadata options are also available for each identity provider individually. For this, go to Identity Providers and choose your identity provider config.
Next, scroll down to the bottom of the page.


As you can see in the screenshot, the metadata URL has a parameter ?idp=1 that selects the metadata for this identity provider. Don't forget to save and reimport the metadata URL on your identity provider when changing settings here.
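
To confirm what each metadata URL advertises after saving, you can compare the general document with the per-IdP one. The following is an added example, not part of the SAML SSO product: the sample documents, the host sp.example.com and the function names are constructed for illustration, and it assumes the standard SAML 2.0 metadata attributes AuthnRequestsSigned and WantAssertionsSigned on the SPSSODescriptor element.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

def summarize_sp_metadata(xml_text):
    """Return the security-relevant settings an SP metadata document advertises."""
    # For metadata fetched from hosts you do not control, use a hardened XML parser.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")
        # A KeyDescriptor without 'use' applies to both signing and encryption.
        uses.update([use] if use else ["signing", "encryption"])
    slo = sp.findall("md:SingleLogoutService", NS)
    return {
        "authn_requests_signed": sp.get("AuthnRequestsSigned", "false") in ("true", "1"),
        "want_assertions_signed": sp.get("WantAssertionsSigned", "false") in ("true", "1"),
        "signing_cert": "signing" in uses,
        "encryption_cert": "encryption" in uses,
        "slo_bindings": sorted(e.get("Binding", "").rsplit(":", 1)[-1] for e in slo),
    }

def diff_settings(general, per_idp):
    """Map each setting that differs to (general value, per-IdP value)."""
    return {k: (general[k], per_idp[k]) for k in general if general[k] != per_idp[k]}

def sample(attrs="", body=""):
    # Constructed sample metadata (certificate contents omitted), not real plugin output.
    return (f'<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.com">'
            f'<md:SPSSODescriptor {attrs} '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{body}</md:SPSSODescriptor></md:EntityDescriptor>')

GENERAL = sample()  # stands in for .../samlsso/metadata
IDP1 = sample(      # stands in for .../samlsso/metadata?idp=1
    'AuthnRequestsSigned="true" WantAssertionsSigned="true"',
    '<md:KeyDescriptor use="signing"/><md:KeyDescriptor use="encryption"/>'
    '<md:SingleLogoutService Location="https://sp.example.com/slo" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>')

if __name__ == "__main__":
    changed = diff_settings(summarize_sp_metadata(GENERAL), summarize_sp_metadata(IDP1))
    for name, (general, per_idp) in changed.items():
        print(f"{name}: general={general} idp=1={per_idp}")
```

Running the same comparison against the two saved metadata downloads shows whether encryption, signing or single logout is enabled only for the configuration you intended.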