Allow clients to access the signing certificate for the identity domain in IAM without logging in to an identity domain.
- Open the navigation menu and click Identity & Security. Under Identity, click Domains.
- Click the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want.
- Click Settings and then click Domain settings.
- Under Access signing certificate, select Configure client access to enable clients to access the tenant signing certificate without signing in to IAM.
  If this option is cleared, clients can access the tenant signing certificate and the SAML metadata only after they authenticate by signing in to the identity domain.
- Click Save changes.
- On the overview page for the identity domain, click Copy next to the Domain URL in Domain information.
- In a new browser tab, paste the URL you copied, add /fed/v1/metadata to the end of it, and then press Enter. For example: https://<domain_url>/fed/v1/metadata
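
Once client access is enabled, a relying party can fetch the metadata and pin the signing certificate instead of trusting whatever the URL returns on each call. The following Python code is an added example, not Oracle's own code; it assumes the response is standard SAML 2.0 metadata, and the function names and the sample document are constructed for illustration.

```python
import base64
import hashlib
import urllib.request
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def metadata_url(domain_url):
    """Build the metadata URL from the copied Domain URL; require HTTPS."""
    if not domain_url.lower().startswith("https://"):
        raise ValueError("Domain URL must use https")
    return domain_url.rstrip("/") + "/fed/v1/metadata"

def fetch_metadata(domain_url, timeout=10):
    """Unauthenticated GET of the metadata document (TLS verified by default)."""
    with urllib.request.urlopen(metadata_url(domain_url), timeout=timeout) as r:
        return r.read()

def signing_fingerprints(xml_bytes):
    """Return SHA-256 fingerprints (hex) of every signing certificate."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declarations are not expected here")
    root = ET.fromstring(xml_bytes)
    prints = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' means both purposes
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(hashlib.sha256(der).hexdigest())
    return prints

def matches_pin(xml_bytes, pinned_sha256):
    """True if a signing certificate matches the fingerprint recorded earlier."""
    return pinned_sha256.lower().replace(":", "") in signing_fingerprints(xml_bytes)

# Constructed sample: placeholder bytes stand in for real DER certificates.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.invalid">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    + base64.b64encode(SAMPLE_DER).decode() +
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '<md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    + base64.b64encode(b"constructed encryption key").decode() +
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>'
).encode()
```

Record the fingerprint once over a trusted channel, then call matches_pin(fetch_metadata(domain_url), pinned) on later fetches; a mismatch means the certificate changed and should be confirmed before the new one is trusted.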