Reputation: 2953
Our customers integrate their SSO (Okta/Google) with our SaaS. Now, in order to authenticate them, we do a SAML login.
The crewjam library in Golang has the following snippet, which asks for a metadataUrl:
// Runs inside a loop over the configured IdPs (hence the `continue`); metadataurl is this IdP's metadata URL string.
idpMetadataURL, err := url.Parse(metadataurl)
if err != nil {
	LogIfError(err)
	fmt.Printf("Error while trying to parse %s\n", metadataurl)
	continue
}
// FetchMetadata does an HTTP GET of the IdP's EntityDescriptor XML and parses it.
idpMetadata, err := samlsp.FetchMetadata(context.Background(), http.DefaultClient, *idpMetadataURL)
if err != nil {
	LogIfError(err)
	fmt.Printf("Error while trying to fetch %s\n", idpMetadataURL)
	continue
}
But most IdP providers, say Google, allow you to download an IdP metadata XML file but do not provide an idpMetadataURL.
Where does one fetch this URL from?
And what is the generally accepted kosher architecture for allowing your users to go through SAML and authenticate themselves?
I have implemented most of the workflow. This is where I am stuck, and I have tried to look up and read multiple resources. I looked into the XML metadata and there is an "entityId" inside EntityDescriptor. Not sure if that's the one. It did not work for me when I tried.
Any pointers?
Upvotes: 1
Views: 3750
Reputation: 661
Metadata files are usually available on the identity provider while you're configuring the integration. I'm using Okta to test SAML usually, so here's the screenshot from there. Can't really help with Google specifically, but I'm sure it's similar, as this is how I found it on 3 different identity providers: Okta, Azure and PingIdentity. In the admin dashboard go to Applications > Choose your application > Sign On tab.
About the architecture, please read up on it online; there are plenty of resources. Then you can create a separate question with a more specific question; general architecture is too wide of a subject for one question here.
Upvotes: -1
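An added example, not from the question or the answer and not crewjam/saml's own code, to make the point concrete: the `entityID` attribute in the downloaded file is the IdP's identifier (the value you later compare against the `Issuer` of its responses), not a URL you fetch metadata from. When the provider only hands you the XML file, you parse that file instead of calling `FetchMetadata`; in the crewjam library that is `samlsp.ParseMetadata(fileBytes)`, whose result goes into `samlsp.Options.IDPMetadata`. The standard-library-only code below does the same parse for the subset of the document an SP actually consumes and applies the checks worth making before trusting a customer-supplied file. The type and function names, the host `idp.example.test`, and the sample document are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// Minimal subset of SAML 2.0 metadata (hypothetical type name; tags are the standard element/attribute names).
type entityDescriptor struct {
	XMLName  xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata EntityDescriptor"`
	EntityID string   `xml:"entityID,attr"`
	Certs    []string `xml:"IDPSSODescriptor>KeyDescriptor>KeyInfo>X509Data>X509Certificate"`
	SSO      []struct {
		Binding  string `xml:"Binding,attr"`
		Location string `xml:"Location,attr"`
	} `xml:"IDPSSODescriptor>SingleSignOnService"`
}

// IDPConfig is what the SP keeps: the entityID (an identifier, not a URL to fetch), SSO endpoints by binding, and signing certs.
type IDPConfig struct {
	EntityID     string
	SSOURLs      map[string]string
	SigningCerts []*x509.Certificate
}
const BindingRedirect, BindingPOST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

// ParseIDPMetadata parses a downloaded IdP metadata file and rejects what an SP should not
// trust: a missing entityID, non-https endpoints, or a certificate that is not valid at now.
func ParseIDPMetadata(data []byte, now time.Time) (*IDPConfig, error) {
	var ed entityDescriptor
	if err := xml.Unmarshal(data, &ed); err != nil {
		return nil, fmt.Errorf("not a SAML EntityDescriptor: %w", err)
	}
	if ed.EntityID == "" {
		return nil, fmt.Errorf("metadata has no entityID")
	}
	cfg := &IDPConfig{EntityID: ed.EntityID, SSOURLs: map[string]string{}}
	for _, ep := range ed.SSO {
		if u, err := url.Parse(ep.Location); err != nil || u.Scheme != "https" {
			return nil, fmt.Errorf("SingleSignOnService %q is not an https URL", ep.Location)
		}
		cfg.SSOURLs[ep.Binding] = ep.Location
	}
	for _, b64 := range ed.Certs {
		// IdPs wrap the base64 across lines; drop all whitespace before decoding.
		der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(b64), ""))
		if err != nil {
			return nil, fmt.Errorf("X509Certificate is not base64: %w", err)
		}
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, fmt.Errorf("X509Certificate does not parse: %w", err)
		}
		if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
			return nil, fmt.Errorf("IdP certificate %q not valid at %s", cert.Subject.CommonName, now.Format(time.RFC3339))
		}
		cfg.SigningCerts = append(cfg.SigningCerts, cert)
	}
	if len(cfg.SigningCerts) == 0 {
		return nil, fmt.Errorf("metadata has no signing certificate")
	}
	return cfg, nil
}

// NewSelfSignedCertB64 makes a throwaway certificate so the constructed sample carries a real X509Certificate.
func NewSelfSignedCertB64(notBefore, notAfter time.Time) (string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "idp.example.test"},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(der), nil
}

// SampleMetadata is a constructed IdP metadata document in the shape Okta, Google and Azure export.
func SampleMetadata(certB64 string) []byte {
	return []byte(`<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
` + certB64 + `
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="` + BindingRedirect + `" Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService Binding="` + BindingPOST + `" Location="https://idp.example.test/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>`)
}
```

In practice the bytes come from `os.ReadFile` of the file the customer's admin uploaded, and the resulting config is stored per tenant. Where a provider does publish a metadata URL, the same checks apply to what `FetchMetadata` returns, and it is worth re-fetching on a schedule because IdPs rotate signing certificates; the certificate-validity check above is what catches a stale copy.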