Hi, for a ‘Templated WS-Federation’ application, how can the Identity Provider Metadata URL be retrieved using the API?
In the app’s sign-on tab in the portal, there is a URL with an ID different from the application ID. Where does that ID come from? Is there some way to walk from the App ID to that FederationMetadata ID or URL using the API?
https://{my custom domain}/FederationMetadata/2007-06/{?What's this ID?}/FederationMetadata.xml
Found what I was missing. Hope this helps someone else someday (my condolences to anyone else stuck with WS-Fed)
Short version: The App’s API response contains a ._links.metadata.href that has the ID I was missing.
$oktaDomain/api/v1/apps/$appId/sso/wsfed/metadata - ._links.metadata.href from the app api
$oktaDomain/FederationMetadata/2007-06/_$DontKnowWhatThisIDIs_/FederationMetadata.xml - ‘Identity Provider metadata’ from the app’s Sign-On info in the portal.
These two appear to be the same (ish). Weirdest difference is ns3 vs ns4 usage; the content seems to be identical. And the response from ._links.metadata.href can be used to construct a FederationMetadata.xml URL that matches the one in the portal.
Side note: I’d love to know
Why the portal FederationMetadata URL and API metadata href URL are different
Why the App API doesn’t include the FederationMetadata URL (or how to walk the API from an App ID to the FederationMetadata URL)
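As an added example (not code from the original post or from Okta), a Python script that does the walk described above: read `_links.metadata.href` from an app API response, refuse an href that is not on the expected tenant, and compare two metadata documents that differ only in namespace prefix (the ns3 vs ns4 difference noted above) while still catching real content differences. The tenant domain, app ID, entityID and metadata documents are constructed sample values, not real ones.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample of the part of an Okta app API response that matters here (not real data).
APP_JSON = """{
  "id": "0oaCONSTRUCTED",
  "_links": {
    "metadata": {"href": "https://example.okta.com/api/v1/apps/0oaCONSTRUCTED/sso/wsfed/metadata"}
  }
}"""

# Constructed metadata: the first two differ only in namespace prefix (ns3 vs ns4),
# the third has a different entityID.
_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
_WSFED = "http://docs.oasis-open.org/wsfed/federation/200706"
META_API = (f'<ns3:EntityDescriptor xmlns:ns3="{_MD}" entityID="http://www.okta.com/exkCONSTRUCTED">'
            f'<ns3:RoleDescriptor protocolSupportEnumeration="{_WSFED}"/></ns3:EntityDescriptor>')
META_PORTAL = META_API.replace("ns3", "ns4")
META_OTHER = META_API.replace("exkCONSTRUCTED", "exkSOMEOTHER")


def metadata_href(app_json: str, okta_domain: str) -> str:
    """Walk app object -> _links.metadata.href, refusing an href that is not on the tenant."""
    app = json.loads(app_json)
    href = app["_links"]["metadata"]["href"]
    if not href.startswith(okta_domain.rstrip("/") + "/"):
        raise ValueError(f"metadata href {href!r} is not under {okta_domain!r}")
    return href


def canonical(xml_text: str):
    """Prefix-independent view: ElementTree expands each tag to {namespace-uri}local-name, so
    ns3 vs ns4 disappears while content differences remain. Attribute values that are QNames
    (e.g. xsi:type="fed:...") still embed a prefix and are compared verbatim."""
    def walk(el):
        return (el.tag, tuple(sorted(el.attrib.items())), (el.text or "").strip(),
                tuple(walk(child) for child in el))
    return walk(ET.fromstring(xml_text))


def same_metadata(a: str, b: str) -> bool:
    return canonical(a) == canonical(b)


def entity_id(xml_text: str) -> str:
    """The entityID a relying party pins its trust to: the root EntityDescriptor attribute."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{_MD}}}EntityDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    return root.attrib["entityID"]
```

Fetching the href with an authenticated GET and feeding the body to `entity_id` / `same_metadata` is the only part left out, so the script runs offline on the constructed samples.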