Constructing an alternative metadata exchange endpoint
You can embed virtual server ID information into a security token service (STS) metadata exchange endpoint or a SAML and WS-Federation metadata exchange endpoint.
About this task
This process is useful for scenarios where partners prefer to retrieve metadata by sending one query parameter, such as PartnerSpId or PartnerIdpId, instead of two query parameters, such as PartnerSpId or PartnerIdpId and vsid.
Steps
- Construct a JSON object containing a key-value pair of the virtual server ID by using the following format.
  {"vsid":"<VirtualServerIdValue>"}
  Example:
  For example, if the virtual server ID is Engineering, the JSON object is {"vsid":"Engineering"}.
- Base64url-encode the JSON object.
  Example:
  For example, if the JSON object is {"vsid":"Engineering"}, the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ.
  For more information about base64url, see tools.ietf.org/html/rfc4648.
- Insert the base64url-encoded value prefixed with a forward slash into the metadata exchange endpoints, described as follows:
  - Federation metadata endpoint (/pf/federation_metadata.ping): Between /pf and /federation_metadata.ping.
  - STS metadata endpoint (/pf/sts_mex.ping): Between /pf and /sts_mex.ping.
  Example:
  For example, if the base64url-encoded value is eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ, the metadata exchange endpoints with the virtual server ID embedded are:
  - Federation metadata endpoint: /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping
    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/federation_metadata.ping?PartnerSpId=sp.example.org
  - STS metadata endpoint: /pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping
    Example: https://idp.example.com:9031/pf/eyJ2c2lkIjoiRW5naW5lZXJpbmcifQ/sts_mex.ping?PartnerSpId=sp.example.org
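The three steps above, as an added Python example that is not part of the product documentation. It builds the single-parameter URL and also decodes an embedded segment back to its virtual server ID, which is useful when checking which virtual server a URL in a partner configuration or access log targets. The function names, the kind and param arguments, and the strict shape check in decode_vsid are assumptions made for this example.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

# Endpoint names taken from the steps above.
ENDPOINTS = {"federation": "federation_metadata.ping", "sts": "sts_mex.ping"}


def encode_vsid(vsid: str) -> str:
    """Return the unpadded base64url form of {"vsid":"<value>"}."""
    # Compact separators: json.dumps defaults to '": "' (with a space),
    # which would yield a different encoded value than the documented one.
    raw = json.dumps({"vsid": vsid}, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_vsid(segment: str) -> str:
    """Recover the virtual server ID from an embedded path segment."""
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    obj = json.loads(base64.urlsafe_b64decode(padded))
    # Assumption for this example: accept only a single string-valued "vsid" key.
    if not isinstance(obj, dict) or set(obj) != {"vsid"} or not isinstance(obj["vsid"], str):
        raise ValueError("segment is not a {'vsid': <string>} object")
    return obj["vsid"]


def metadata_url(base: str, vsid: str, kind: str, param: str, partner_id: str) -> str:
    """Build the single-parameter metadata URL for a partner."""
    if param not in ("PartnerSpId", "PartnerIdpId"):
        raise ValueError("unexpected partner parameter")
    path = f"/pf/{encode_vsid(vsid)}/{ENDPOINTS[kind]}"
    return f"{base.rstrip('/')}{path}?{urlencode({param: partner_id})}"


def vsid_from_url(url: str) -> str:
    """Extract the virtual server ID from a constructed metadata URL."""
    parts = urlsplit(url).path.split("/")  # ['', 'pf', '<segment>', '<endpoint>']
    if len(parts) != 4 or parts[1] != "pf" or parts[3] not in ENDPOINTS.values():
        raise ValueError("not an alternative metadata exchange URL")
    return decode_vsid(parts[2])


if __name__ == "__main__":
    url = metadata_url("https://idp.example.com:9031", "Engineering",
                       "federation", "PartnerSpId", "sp.example.org")
    print(url)
    print(vsid_from_url(url))
```

The encoded segment is an encoding, not a secret: anyone who sees the URL can recover the virtual server ID with decode_vsid.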