Enterprise Authentication: Service Providers which do not support hosted metadata
To integrate your application with Enterprise Authentication, the Enterprise Authentication Identity Provider (IdP) needs to consume your application's Service Provider (SP) metadata.
In many cases, the SP metadata will be hosted on the application itself. This is the best-case scenario: you can simply provide the metadata URL to the Enterprise Authentication team.
In some cases, however, the SP will generate the metadata but not provide a hosting option.
One possible solution is to share the metadata file with the Enterprise Authentication team via UT Box.
1. Upload the metadata file to an appropriate location. We recommend that you use a Departmental UT Box Account.
2. In the Box window, hover over the metadata file.
3. Click Share. (You can also either click the right mouse button or the ellipsis (...) to access Share.)
4. In the Share window, if needed, turn on the "Enable shared link" feature.
5. In the Share window, click Link Settings. Box displays the Shared Link Settings window.
6. In the Shared Link Settings window, in the Allow Download section, check the box labelled Allow users with the Shared Link to download this item.
   - If this link does not appear, you do not have proper permissions to the folder it is in. The owner of the folder will need to extend you permissions to generate the link, or they can generate the link themselves.
7. Copy the provided Direct Link URL. (The URL should have ".xml" at the end of it.)
8. Click Save.
9. Send the Enterprise Authentication team the URL you copied in step 7 above.
Important notes regarding this approach:
- Do not set an expiration date for the link. Your application will stop working on that day.
- Do not password protect the link. Enterprise Authentication will be unable to read your metadata.
- If you need to update the file, use "Upload New Version" (available in the ". . ." menu of an item in the web interface) which will not change the file's share URL. Changing the URL will break your integration with Enterprise Authentication.
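Before sending the URL, you can confirm that the link behaves the way the IdP needs it to: it ends in ".xml", it downloads without any login, and what comes back is SP metadata rather than something else, such as an HTML page. The script below is an added example, not a tool provided by the Enterprise Authentication team. The function names, the sample metadata and the `example.invalid` URLs are made up for illustration, and it assumes the file holds a single SAML 2.0 `EntityDescriptor`.

```python
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

def check_link(url):
    """Problems visible in the URL itself (no network access)."""
    parts, problems = urlparse(url), []
    if parts.scheme != "https":  # assumption: shared links are https URLs
        problems.append("link is not an https URL")
    if not parts.path.lower().endswith(".xml"):
        problems.append("URL does not end in .xml; is it the Direct Link?")
    return problems

def check_metadata(body):
    """Problems in the downloaded bytes, read as SAML SP metadata."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return ["document has a DOCTYPE (HTML page or DTD), not bare metadata"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return [f"root element is {root.tag}, not md:EntityDescriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        problems.append("no SPSSODescriptor element")
    elif sp.find(MD + "AssertionConsumerService") is None:
        problems.append("SPSSODescriptor has no AssertionConsumerService")
    return problems

def check_shared_link(url, timeout=10):
    """Fetch the link with no cookies or credentials and run both checks."""
    problems = check_link(url)
    if not problems:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            problems = check_metadata(resp.read())
    return problems

# Constructed sample: a minimal SP metadata document for a made-up application.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.example.invalid/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="https://app.example.invalid/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Call `check_shared_link()` with the Direct Link URL from a machine that is not signed in to Box; an empty list means the link passed every check.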