Single Sign On metadata file configure download

Document ID : KB000118701
Last Modified Date : 30/10/2018
Show Technical Document Details
Followed the instructions available at to enable single sign on.

Receiving a 404 error when trying to download the metadata file at http://RA-SERVER:8080/datamanagement/saml/metadata
CA Release Automation 6.6 and later
The documentation contains errata, which is addressed in the Resolution.
There are several points to consider.

Point 1:  Completeness of the file
If one examines an RA install's file, located in <RA Install>\webapps\datamanagement\WEB-INF, there should be a block of text that reads as:

The above block of text may be absent if your install of Release Automation was developed as part of an upgrade from a release older than 6.6.  You will need to add the above block of text to your file.  If you are using a fresh RA 6.6 install, you only need to examine the file to confirm the above text block is present.

Point 2:  Existing Documentation Errata
The existing documentation asks that the following block of text be introduced into the existing file (Configure SSO Authentication, step 3)

The above assumes a server name of "ratesting", that there is SSL in place, and the first line of the above block of text is actually a concatenation of two lines of text.  These entries will not work for most installs of RA.

Assuming you have the block of text described in Point 1 in place in your, you need only change this one line at minimum to configure the file for Single Sign On:

Line will need to be changed to:

You may also need to modify the additional entries listed in Point 1 to suit your requirements, if you need to use a specific server name, or implement with SSL.  (Side:  SSL is NOT a prerequisite for Single Sign On).  However, the purpose of this point is to establish the bare minimum to what configuration is needed to get Single Sign On configuration to work, to allow the install to download the spring_saml.metadata.xml file (discussed in the next point)

Point 3:  Download of the spring_saml_metadata.xml
After modifying the file, you will need to cycle RA Services, then run the following URL:


After recycling RA, it is recommended to wait about 10 minutes before attempting the metadata file download as it may take some time for RA to fully configure and generate the metadata file spring_saml_metadata.xml

Simply changing the file as described in Point 2 will allow for the download of the metadata file spring_saml_metadata.xml via the above URL.  The idp.xml file is not necessary to obtain the file in the first place.  However, you should obtain the idp.xml from your Single Sign On solution provider and place it in the requested location per the above documentation (click on this link to review) to configure SSO (location prescribed as <NAC_installation_Folder>/conf/idp.xml) as it will be needed for RA to communicate with its Single Sign On solution.