I have started a SAML implementation in Java using OpenSAML. I have a few questions:
- I know that before sending a SAML request to the IdP, we need to register the IdP with the SP using metadata. Do we need to manually exchange this metadata?
- Is it possible to implement SAML in a way that works with any IdP?
- Is it necessary to implement both SP-initiated and IdP-initiated SAML?
- It depends on the IdP implementation. Most IdPs allow you to copy and paste the metadata or set the URL of the SP metadata file.
- Basically yes. But keep in mind you'll have to support many types of SAML flow configurations. Note that every implementation can have different options, such as the binding that will be used (redirect/POST), with or without artifacts, with or without encryption, the type of encryption and signing algorithms, and more. I suggest you stick to the basic scenario you need to implement.
- It depends on your flow. If both are viable scenarios for you, then implement both.

Hope it helps