HOW TO

Update SAML XML for ArcGIS Online Organizations

Last Published: October 9, 2024

Summary

This workflow is for the scenario where all admins in an ArcGIS Online organization use SAML to log in. If the SAML is broken and there are no built-in admins who can sign in to fix the problem, the administrators can perform the following steps. 

Examples of 'broken' SAMLs

  • ArcGIS Online organization short name URL recently changed and needs to be updated in the SAML xml
  • The SAML certificate expires before the user updated it on their end

Procedure

  1. Download the attached metadata.zip file. Extract the file metadata.txt and rename it to metadata.xml.
  2. Update it as follows and as shown in the image below:
  3. Follow the steps from Steps 2, "Upload the metadata file into your SAML IDP", through the end in the ArcGIS Blog:  Action Required: ArcGIS Online SAML Customers

Example XML

There are two settings that must be replaced in several places in this document, as shown in the following example and image:

  • Replace <ORG_URL> with the short name that defines the URL of the organization. An example of this new value is: essorg.
  • Replace ORG_NAME with the Organization's name. An example of this new value is: Esri Support Services Organization.
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="<ORG_URL>.maps.arcgis.com">
	<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
		<md:KeyDescriptor use="signing">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>MIIHFTCCBf2gAwIBAgIQBlKVkNvRIdJ8YhXCJ/QShzANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypEaWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMwODI1MDAwMDAwWhcNMjQwOTI0MjM1OTU5WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFJlZGxhbmRzMTcwNQYDVQQKEy5FbnZpcm9ubWVudGFsIFN5c3RlbXMgUmVzZWFyY2ggSW5zdGl0dXRlLCBJbmMuMRwwGgYDVQQDExNzYW1sLWlkcC5hcmNnaXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RU8ykyqyBJslnAcmwqs2ugwDpRwZPq7UBawunIcC/pp33zMZWi0SVDaHxXLw2hIaVRDrhFG0n/0/17M050nWyfGqVY66FBE5OTuLbbfwURsYr1FiBjYQB7XAIUcZe4Opsat3NN9csWuCazlRmjfnasuSrKQk+eZbhWZopkY1L6vl+1fXtckAxcg2px8MQgijb3jzhDxcERWnO4WEZ4Gdsze6KtGdGV35qB2EOWUwXyDMKXTiD8lIRxBNJZRWedmCuvQX7O+mNwxSC2JABWY7SgEhQybRRP+CcMLoHRN9cVFfT6Z/9JQ62OUFnLrsh4vHTv2WbBVW07dmkgPj4JBRQIDAQABo4IDozCCA58wHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFMYpgTRfJnTF/1899l5f4+78wAg+MDcGA1UdEQQwMC6CE3NhbWwtaWRwLmFyY2dpcy5jb22CF3d3dy5zYW1sLWlkcC5hcmNnaXMuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABii7EYyUAAAQDAEYwRAIgB6CsfMj3Hn3SukEBkZpS9yqCAcWQ1LnvUpV5xMuL1qACIByXYXpB6AkFx6u5I6dgypauP0uct5T8v8XFf7VJ8euPAHUASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGKLsRe3QAABAMARjBEAiAxPtBa/GXjP8d4a/0TZ1WBbWueiQXkjfgjdYPYzM3pZwIgGOw+N/AufPZxBHgL+vKhgkS3U+b7WK3g0FPjZkyWix4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYouxF6nAAAEAwBHMEUCIQDoaFzwqHwJ7OpMMa4h9eeItJR64M587uaQ3/Tml2UCAAIgI12J+1DrkhJFtdDgQdp+K9hy0iF3hzhX5DMaBYCDyq0wDQYJKoZIhvcNAQELBQADggEBAECiAGDVu/zXCyVN+xvIsQw+YRazHO6BX2K+lyrfdv+inQtKvOswfV/sJybkzIFWqli2JkPND/WrTxPsXS7V/hRDrNuHrLl40wpVMpFL9T/a/MRNC06sJB+1NrUdwlo9skL8II5YN/vyKiuMXAAcm6IJQcfg22iGEJb4fyQLQ86rXO+2Bl/2PRzvskVAzVv0ffcGJtN2FrwBkTZZglINTUXSKXrViUqY+tW9B8fjcnwCgyR1MA/42tL5z6bo2JPJtBgOOahMgxcQPbCDPL8MNS9/rARtkpQ1KonA0pIYN1QgPSk9jfroXodMEqfPkashuwkVfhpbJKA3ueet5ViM6K8=</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</md:KeyDescriptor>
		<md:KeyDescriptor use="encryption">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>MIIHFTCCBf2gAwIBAgIQBlKVkNvRIdJ8YhXCJ/QShzANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypEaWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMwODI1MDAwMDAwWhcNMjQwOTI0MjM1OTU5WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFJlZGxhbmRzMTcwNQYDVQQKEy5FbnZpcm9ubWVudGFsIFN5c3RlbXMgUmVzZWFyY2ggSW5zdGl0dXRlLCBJbmMuMRwwGgYDVQQDExNzYW1sLWlkcC5hcmNnaXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RU8ykyqyBJslnAcmwqs2ugwDpRwZPq7UBawunIcC/pp33zMZWi0SVDaHxXLw2hIaVRDrhFG0n/0/17M050nWyfGqVY66FBE5OTuLbbfwURsYr1FiBjYQB7XAIUcZe4Opsat3NN9csWuCazlRmjfnasuSrKQk+eZbhWZopkY1L6vl+1fXtckAxcg2px8MQgijb3jzhDxcERWnO4WEZ4Gdsze6KtGdGV35qB2EOWUwXyDMKXTiD8lIRxBNJZRWedmCuvQX7O+mNwxSC2JABWY7SgEhQybRRP+CcMLoHRN9cVFfT6Z/9JQ62OUFnLrsh4vHTv2WbBVW07dmkgPj4JBRQIDAQABo4IDozCCA58wHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFMYpgTRfJnTF/1899l5f4+78wAg+MDcGA1UdEQQwMC6CE3NhbWwtaWRwLmFyY2dpcy5jb22CF3d3dy5zYW1sLWlkcC5hcmNnaXMuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABii7EYyUAAAQDAEYwRAIgB6CsfMj3Hn3SukEBkZpS9yqCAcWQ1LnvUpV5xMuL1qACIByXYXpB6AkFx6u5I6dgypauP0uct5T8v8XFf7VJ8euPAHUASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGKLsRe3QAABAMARjBEAiAxPtBa/GXjP8d4a/0TZ1WBbWueiQXkjfgjdYPYzM3pZwIgGOw+N/AufPZxBHgL+vKhgkS3U+b7WK3g0FPjZkyWix4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYouxF6nAAAEAwBHMEUCIQDoaFzwqHwJ7OpMMa4h9eeItJR64M587uaQ3/Tml2UCAAIgI12J+1DrkhJFtdDgQdp+K9hy0iF3hzhX5DMaBYCDyq0wDQYJKoZIhvcNAQELBQADggEBAECiAGDVu/zXCyVN+xvIsQw+YRazHO6BX2K+lyrfdv+inQtKvOswfV/sJybkzIFWqli2JkPND/WrTxPsXS7V/hRDrNuHrLl40wpVMpFL9T/a/MRNC06sJB+1NrUdwlo9skL8II5YN/vyKiuMXAAcm6IJQcfg22iGEJb4fyQLQ86rXO+2Bl/2PRzvskVAzVv0ffcGJtN2FrwBkTZZglINTUXSKXrViUqY+tW9B8fjcnwCgyR1MA/42tL5z6bo2JPJtBgOOahMgxcQPbCDPL8MNS9/rARtkpQ1KonA0pIYN1QgPSk9jfroXodMEqfPkashuwkVfhpbJKA3ueet5ViM6K8=</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</md:KeyDescriptor>
		<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signout"/>
		<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signin" index="1"/>
		<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signin" index="2"/>
	</md:SPSSODescriptor>
	<md:Organization xml:lang="en">
		<md:OrganizationName xml:lang="en">ORG_NAME</md:OrganizationName>
		<md:OrganizationDisplayName xml:lang="en">ORG_NAME</md:OrganizationDisplayName>
		<md:OrganizationURL xml:lang="en">https://<ORG_URL>.maps.arcgis.com</md:OrganizationURL>
	</md:Organization>
</md:EntityDescriptor>

updating metadata.xml

Article ID: 000033450

Software:
  • ArcGIS Online

Receive notifications and find solutions for new or common issues

Get summarized answers and video solutions from our new AI chatbot.

Download the Esri Support App

Related Information

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options