HOW TO
Update SAML XML for ArcGIS Online Organizations
Summary
This workflow is for the scenario where all admins in an ArcGIS Online organization use SAML to log in. If the SAML is broken and there are no built-in admins who can sign in to fix the problem, the administrators can perform the following steps.
Examples of 'broken' SAMLs
- ArcGIS Online organization short name URL recently changed and needs to be updated in the SAML xml
- The SAML certificate expires before the user updated it on their end
Procedure
- Download the attached metadata.zip file. Extract the file metadata.txt and rename it to metadata.xml.
- Update it as follows and as shown in the image below:
- Follow the steps from Steps 2, "Upload the metadata file into your SAML IDP", through the end in the ArcGIS Blog: Action Required: ArcGIS Online SAML Customers
Example XML
There are two settings that must be replaced in several places in this document, as shown in the following example and image:
- Replace <ORG_URL> with the short name that defines the URL of the organization. An example of this new value is: essorg.
- Replace ORG_NAME with the Organization's name. An example of this new value is: Esri Support Services Organization.
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="<ORG_URL>.maps.arcgis.com"> <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIHFTCCBf2gAwIBAgIQBlKVkNvRIdJ8YhXCJ/QShzANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypEaWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMwODI1MDAwMDAwWhcNMjQwOTI0MjM1OTU5WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFJlZGxhbmRzMTcwNQYDVQQKEy5FbnZpcm9ubWVudGFsIFN5c3RlbXMgUmVzZWFyY2ggSW5zdGl0dXRlLCBJbmMuMRwwGgYDVQQDExNzYW1sLWlkcC5hcmNnaXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RU8ykyqyBJslnAcmwqs2ugwDpRwZPq7UBawunIcC/pp33zMZWi0SVDaHxXLw2hIaVRDrhFG0n/0/17M050nWyfGqVY66FBE5OTuLbbfwURsYr1FiBjYQB7XAIUcZe4Opsat3NN9csWuCazlRmjfnasuSrKQk+eZbhWZopkY1L6vl+1fXtckAxcg2px8MQgijb3jzhDxcERWnO4WEZ4Gdsze6KtGdGV35qB2EOWUwXyDMKXTiD8lIRxBNJZRWedmCuvQX7O+mNwxSC2JABWY7SgEhQybRRP+CcMLoHRN9cVFfT6Z/9JQ62OUFnLrsh4vHTv2WbBVW07dmkgPj4JBRQIDAQABo4IDozCCA58wHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFMYpgTRfJnTF/1899l5f4+78wAg+MDcGA1UdEQQwMC6CE3NhbWwtaWRwLmFyY2dpcy5jb22CF3d3dy5zYW1sLWlkcC5hcmNnaXMuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABii7EYyUAAAQDAEYwRAIgB6CsfMj3Hn3SukEBkZpS9yqCAcWQ1LnvUpV5xMuL1qACIByXYXpB6AkFx6u5I6dgypauP0uct5T8v8XFf7VJ8euPAHUASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGKLsRe3QAABAMARjBEAiAxPtBa/GXjP8d4a/0TZ1WBbWueiQXkjfgjdYPYzM3pZwIgGOw+N/AufPZxBHgL+vKhgkS3U+b7WK3g0FPjZkyWix4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYouxF6nAAAEAwBHMEUCIQDoaFzwqHwJ7OpMMa4h9eeItJR64M587uaQ3/Tml2UCAAIgI12J+1DrkhJFtdDgQdp+K9hy0iF3hzhX5DMaBYCDyq0wDQYJKoZIhvcNAQELBQADggEBAECiAGDVu/zXCyVN+xvIsQw+YRazHO6BX2K+lyrfdv+inQtKvOswfV/sJybkzIFWqli2JkPND/WrTxPsXS7V/hRDrNuHrLl40wpVMpFL9T/a/MRNC06sJB+1NrUdwlo9skL8II5YN/vyKiuMXAAcm6IJQcfg22iGEJb4fyQLQ86rXO+2Bl/2PRzvskVAzVv0ffcGJtN2FrwBkTZZglINTUXSKXrViUqY+tW9B8fjcnwCgyR1MA/42tL5z6bo2JPJtBgOOahMgxcQPbCDPL8MNS9/rARtkpQ1KonA0pIYN1QgPSk9jfroXodMEqfPkashuwkVfhpbJKA3ueet5ViM6K8=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIHFTCCBf2gAwIBAgIQBlKVkNvRIdJ8YhXCJ/QShzANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypEaWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMwODI1MDAwMDAwWhcNMjQwOTI0MjM1OTU5WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFJlZGxhbmRzMTcwNQYDVQQKEy5FbnZpcm9ubWVudGFsIFN5c3RlbXMgUmVzZWFyY2ggSW5zdGl0dXRlLCBJbmMuMRwwGgYDVQQDExNzYW1sLWlkcC5hcmNnaXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RU8ykyqyBJslnAcmwqs2ugwDpRwZPq7UBawunIcC/pp33zMZWi0SVDaHxXLw2hIaVRDrhFG0n/0/17M050nWyfGqVY66FBE5OTuLbbfwURsYr1FiBjYQB7XAIUcZe4Opsat3NN9csWuCazlRmjfnasuSrKQk+eZbhWZopkY1L6vl+1fXtckAxcg2px8MQgijb3jzhDxcERWnO4WEZ4Gdsze6KtGdGV35qB2EOWUwXyDMKXTiD8lIRxBNJZRWedmCuvQX7O+mNwxSC2JABWY7SgEhQybRRP+CcMLoHRN9cVFfT6Z/9JQ62OUFnLrsh4vHTv2WbBVW07dmkgPj4JBRQIDAQABo4IDozCCA58wHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFMYpgTRfJnTF/1899l5f4+78wAg+MDcGA1UdEQQwMC6CE3NhbWwtaWRwLmFyY2dpcy5jb22CF3d3dy5zYW1sLWlkcC5hcmNnaXMuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABii7EYyUAAAQDAEYwRAIgB6CsfMj3Hn3SukEBkZpS9yqCAcWQ1LnvUpV5xMuL1qACIByXYXpB6AkFx6u5I6dgypauP0uct5T8v8XFf7VJ8euPAHUASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGKLsRe3QAABAMARjBEAiAxPtBa/GXjP8d4a/0TZ1WBbWueiQXkjfgjdYPYzM3pZwIgGOw+N/AufPZxBHgL+vKhgkS3U+b7WK3g0FPjZkyWix4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYouxF6nAAAEAwBHMEUCIQDoaFzwqHwJ7OpMMa4h9eeItJR64M587uaQ3/Tml2UCAAIgI12J+1DrkhJFtdDgQdp+K9hy0iF3hzhX5DMaBYCDyq0wDQYJKoZIhvcNAQELBQADggEBAECiAGDVu/zXCyVN+xvIsQw+YRazHO6BX2K+lyrfdv+inQtKvOswfV/sJybkzIFWqli2JkPND/WrTxPsXS7V/hRDrNuHrLl40wpVMpFL9T/a/MRNC06sJB+1NrUdwlo9skL8II5YN/vyKiuMXAAcm6IJQcfg22iGEJb4fyQLQ86rXO+2Bl/2PRzvskVAzVv0ffcGJtN2FrwBkTZZglINTUXSKXrViUqY+tW9B8fjcnwCgyR1MA/42tL5z6bo2JPJtBgOOahMgxcQPbCDPL8MNS9/rARtkpQ1KonA0pIYN1QgPSk9jfroXodMEqfPkashuwkVfhpbJKA3ueet5ViM6K8=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signout"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signin" index="1"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signin" index="2"/> </md:SPSSODescriptor> <md:Organization xml:lang="en"> <md:OrganizationName xml:lang="en">ORG_NAME</md:OrganizationName> <md:OrganizationDisplayName xml:lang="en">ORG_NAME</md:OrganizationDisplayName> <md:OrganizationURL xml:lang="en">https://<ORG_URL>.maps.arcgis.com</md:OrganizationURL> </md:Organization> </md:EntityDescriptor>
Article ID: 000033450
Software:
- ArcGIS Online
Receive notifications and find solutions for new or common issues
Get summarized answers and video solutions from our new AI chatbot.
Related Information
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback
Get help from ArcGIS experts
Download the Esri Support App