GridGuard SAML Configuration

Setup GridGuard SAML URL

  • Hostname : Enter the externally accessible hostname.
  • IdP Certificates: Generate a self-signed certificate or import a PKCS#12 file. These certificates are used by the IdP for SAML assertion signing and SAML encryption.

Click on "Apply Changes"

Adding SimpleSAMLPHP as a SAML Service Provider


Right click on "SAML Configuration" and click on "+Add" to add a new SAML Service Provider. Then fill out the new form with the following data:

  • Service Provider Name : Admin generated identifier
  • Signing Certificate : Select an installed x509 certificate for SAML assertion signing
  • Import SP Metadata : Upload the SP's XML metadata file; in this case the metadata published by SimpleSAMLPHP.
  • Import SP Metadata URL : Download the XML metadata directly from the SP. This requires the GGVA device to have direct network access to the SimpleSAMLPHP server. This URL was provided in the Validate SP Metadata section.
  • Entity Id : <Filled in by metadata>
  • ACS URL : <Filled in by metadata>
  • Validity Time : Set appropriately
  • Realm : Select Realm identifier to associate with this SAML SP.
  • Name Identifier : Select 'sAMAccountName' or 'uid' depending on the LDAP backend (sAMAccountName for Active Directory, uid for OpenLDAP)
  • Sign Encryption : Check
  • Encrypt Assertion : <Optional>
  • Attribute Mapping : See below

Attribute mapping is used to copy a user's attribute values from the LDAP directory into the SAML assertion. Here are the mappings you need to make, from SAML attribute name to LDAP attribute name:

  • cn => cn
  • mail => mail
  • sAMAccountName => sAMAccountName (Active Directory)
  • uid => uid  (OpenLDAP)
  • memberOf => memberOf

Click on "Service Provider" and then press "Apply Changes"
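The "Import SP Metadata" step fills in Entity Id and ACS URL from the SP's XML, and the Sign/Encrypt Assertion choices only work if the SP metadata carries the matching certificates. The following script is an added example for this page (it is not GridGuard or SimpleSAMLPHP code) that inspects SP metadata the same way before you import it: it extracts entityID and the HTTP-POST ACS URL, reports whether the SP signs requests and wants signed assertions, and warns when "Encrypt Assertion" is requested but the SP publishes no encryption certificate. The metadata sample, hostname and certificate value are constructed placeholders; only the Python standard library is used.

```python
"""Inspect SAML SP metadata before importing it into an IdP.

Added example for this page; not GridGuard or SimpleSAMLphp code.
Uses only the Python standard library and a constructed metadata sample.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample in the shape SimpleSAMLphp publishes for an SP;
# sp.example.test and the certificate body are placeholders, not real data.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/simplesaml/module.php/saml/sp/metadata.php/default-sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.test/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text):
    """Return the fields an IdP fills in from SP metadata plus the signing/encryption facts."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")

    # Pick the ACS endpoint: HTTP-POST binding only, isDefault first, then lowest index.
    candidates = []
    for acs in sp.findall("md:AssertionConsumerService", NS):
        if acs.get("Binding") == HTTP_POST:
            is_default = acs.get("isDefault", "false").lower() == "true"
            candidates.append((0 if is_default else 1, int(acs.get("index", "0")), acs.get("Location")))
    if not candidates:
        raise ValueError("no HTTP-POST AssertionConsumerService in SP metadata")
    acs_url = sorted(candidates)[0][2]

    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is None:
            continue  # no certificate body, so this descriptor cannot be used
        use = kd.get("use")
        uses.update({"signing", "encryption"} if use is None else {use})

    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs_url,
        "signs_authn_requests": sp.get("AuthnRequestsSigned", "false").lower() == "true",
        "wants_signed_assertions": sp.get("WantAssertionsSigned", "false").lower() == "true",
        "has_signing_cert": "signing" in uses,
        "has_encryption_cert": "encryption" in uses,
    }


def check_sp_metadata(info, encrypt_assertion=False):
    """Warnings to resolve before clicking Apply Changes on the IdP."""
    warnings = []
    if not info["acs_url"].startswith("https://"):
        warnings.append("ACS URL is not https: %s" % info["acs_url"])
    if not info["wants_signed_assertions"]:
        warnings.append("SP does not require signed assertions; it will accept unsigned ones")
    if info["signs_authn_requests"] and not info["has_signing_cert"]:
        warnings.append("SP signs AuthnRequests but publishes no signing certificate")
    if encrypt_assertion and not info["has_encryption_cert"]:
        warnings.append("Encrypt Assertion requested but SP metadata has no encryption certificate")
    return warnings


if __name__ == "__main__":
    info = parse_sp_metadata(SAMPLE_SP_METADATA)
    for key, value in info.items():
        print("%-24s %s" % (key, value))
    for warning in check_sp_metadata(info, encrypt_assertion=True):
        print("WARNING:", warning)
```

Run it against the real metadata file you are about to upload (replace SAMPLE_SP_METADATA with the file contents). With the sample above, the entityID and ACS URL come out as the values the IdP form would show, and the encryption check warns because the sample SP publishes only a signing certificate; in that case leave "Encrypt Assertion" unchecked or add an encryption certificate on the SP side first.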

Reference URLs


Switch to the URL tab and copy down the Metadata URL.