Legacy Knowledge Base
Published Jul. 2, 2025

When Setting Okta up as an SSO for Liferay PaaS, how can I generate IdP metadata in Okta without first having SP metadata?

Written By

Madeleine Clay

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines. We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided "as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.
Note: Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM).

Issue

  • The documentation for setting up an SSO with Liferay PaaS instructs clients to provide IdP metadata to the Liferay Cloud team before receiving SP metadata, including an Audience URL.
  • However, in order to generate IdP metadata, Okta requires an Audience URL be provided (https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm).
  • How can I provide IdP metadata to the Liferay Cloud Team without first receiving an Audience URL?

Environment

  • Liferay PaaS

Resolution

  • The Cloud team will provide an Audience URI with the SP metadata, but this field can be configured with a temporary value and changed once the Audience URI is provided. See Okta's documentation on adding metadata for an Identity Provider (https://help.okta.com/en/prod/Content/Topics/Security/idp-add-metadata.htm):
     If prompted by the Security Provider to provide the IDP.XML file, you can get this information from the partially configured app. The metadata is dynamically generated at app creation.
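
Once the SP metadata arrives, the temporary values in the Okta app have to be replaced with the real ones. The Python check below is an added example, not part of the original article and not Liferay's or Okta's code; it assumes the Audience URI corresponds to the `entityID` in the SP metadata, and the sample metadata and every URL in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; every URL below is a placeholder.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.com/saml/entity">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Return the SP entityID and HTTP-POST ACS URLs from SP metadata."""
    # SAML metadata has no need for DTDs; refuse them instead of parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    acs = [e.get("Location")
           for e in root.iter(MD + "AssertionConsumerService")
           if e.get("Binding") == POST_BINDING]
    return {"entity_id": root.get("entityID"), "acs_urls": acs}


def check_okta_settings(xml_text, okta_audience, okta_sso_url):
    """List mismatches between the Okta app fields and the SP metadata."""
    sp = parse_sp_metadata(xml_text)
    problems = []
    # Assumption: the Audience URI is the SP entityID.
    if okta_audience != sp["entity_id"]:
        problems.append("Audience URI is %r, SP metadata says %r"
                        % (okta_audience, sp["entity_id"]))
    if okta_sso_url not in sp["acs_urls"]:
        problems.append("Single sign-on URL %r is not an ACS URL in the SP metadata"
                        % okta_sso_url)
    return problems
```

An empty list from `check_okta_settings` means the values entered in Okta agree with the SP metadata; a leftover temporary Audience URI shows up as a mismatch.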

 
