

Create an Entity by Importing Metadata

You can import data from a metadata file to create a federation entity. Importing the metadata reduces the amount of configuration for creating a partnership.

You can use metadata in the following ways:

The process for creating a metadata-based entity is as follows:

  1. Select a metadata file for configuring a new entity.
  2. Select an entity entry from the metadata file. The file can include several entities, but one entity per file is recommended.
  3. (Optional) Select the certificates to import into the certificate data store. The certificates must be in the metadata file.

    These certificates can be used for authentication request verification, single logout response verification (SAML 2.0), and encryption (SAML 2.0).

  4. Confirm the entity configuration.

Details about these steps are described in the next sections.

Metadata File Selection

The first step to create an entity from metadata is to select the metadata file.

Follow these steps:

  1. Log in to the Administrative UI.
  2. Select Federation, Partnership Federation, Entities.
  3. Click Import Metadata.

    The Import Metadata dialog opens.

    Click Help for the field descriptions.

  4. Browse for the metadata file you want to use to create the entity.
  5. Select whether to create a new local or remote entity, or update an existing remote entity.

    Note: The Policy Server does not support metadata imports to update an existing partnership and local entity. You can only create a new local entity. To update an existing local entity, edit the entity and modify the settings that you want to change. You can update the existing remote entities or you can create new remote entities.

  6. Click Next to select entities from the file.

If you select a metadata file with expired entries, the next dialog that the UI displays contains a section listing the expired entries. You cannot select these expired entries; they are displayed for your reference. If all entities in a metadata file are expired, no entities are displayed. In this case, upload a new document.
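A pre-import check for the metadata file described above, as an added example (not part of the product or its documentation): it lists each entity in the file, flags expired ones, and computes a SHA-256 fingerprint of each embedded certificate so you can compare it with the value your partner supplies out of band. It assumes expiry is carried in the standard SAML 2.0 `validUntil` attribute (how the Policy Server itself decides an entry is expired is not stated here); the sample file, entity IDs, and function names are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed sample: placeholder bytes stand in for a DER certificate.
DUMMY_CERT = base64.b64encode(b"constructed, not a real certificate").decode()
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp.example.test/saml" validUntil="2099-01-01T00:00:00Z">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{DUMMY_CERT}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://old.example.test/saml" validUntil="2001-01-01T00:00:00Z"/>
</md:EntitiesDescriptor>"""

def parse_time(value):
    # xs:dateTime; a value without an offset is treated as UTC (assumption)
    t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)

def review_metadata(xml_text, now=None):
    """Return one dict per entity: entity ID, expired flag, certificate fingerprints."""
    if "<!DOCTYPE" in xml_text:  # partner metadata is untrusted input: reject DTDs
        raise ValueError("metadata contains a DTD; refusing to parse")
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    report = []
    # iter() also matches the root element, so a single-entity file works too
    for ent in root.iter(MD + "EntityDescriptor"):
        until = ent.get("validUntil") or root.get("validUntil")
        certs = []
        for kd in ent.iter(MD + "KeyDescriptor"):
            for x509 in kd.iter(DS + "X509Certificate"):
                der = base64.b64decode("".join((x509.text or "").split()))
                # a KeyDescriptor without "use" serves both signing and encryption
                certs.append((kd.get("use", "signing+encryption"),
                              hashlib.sha256(der).hexdigest()))
        report.append({"entity_id": ent.get("entityID"),
                       "expired": bool(until) and parse_time(until) <= now,
                       "certs": certs})
    return report

if __name__ == "__main__":
    for entry in review_metadata(SAMPLE):
        print(entry)
```
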

Select an Entity to Import

This procedure assumes that you have already selected a metadata file to create an entity. Select the entity from the file.

Follow these steps:

  1. Specify a name for the new entity in the Select Entity Defined in File dialog.

    If you are doing a local import to create an entity, define the partnership name.

  2. Click on the option button to select the entity.
  3. Click Next.

    The Import Certificates dialog is displayed if you are importing metadata for a remote entity and the document includes certificate data.

    If the metadata file that you imported contains certificate entries, you can import these entries.