...
IdP setup will vary depending on which IdP is being used. However, they generally all provide a link to the metadata in XML format that is needed to establish the connection between the IdP and the SP.
The XML from the IdP needs to be converted into PHP format and appended to the above file using the metarefresh tool:
...
cat SF-SSO.php SF-SSO-2.php SF-SSO-3.php > /var/simplesamlphp/metadata/saml20-idp-remote.php
This creates entries in the metadata array for each IdP. The keys in this array are used in the next step.
$metadata['https://drcloudehr-idd-qa-dev-ed.develop.my.salesforce.com'] = array (
'entityid' => 'https://drcloudehr-idd-qa-dev-ed.develop.my.salesforce.com',
'entityDescriptor' => 'PG1kOkVu....
...
'sp1' => [
'saml:SP',
'entityID' => 'https://drcloudehr-idd-qa-dev-ed.develop.my.salesforce.com',
'idp' => 'https://drcloudehr-idd-qa-dev-ed.develop.my.salesforce.com',
],
'sp2' => [
'saml:SP',
'entityID' => 'https://okta.com/',
'idp' => 'https://okta.com/',
],
The entityID and idp are keys to the metadata array defined in the saml20-idp-remote.php file that was updated in the previous step.
The entityID and the idp entries are set to the same value to eliminate the step of choosing an IdP when logging in.
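A consistency check for the mapping described above, as an added example that is not part of the original page or of SimpleSAMLphp: it confirms that every saml:SP source pins an idp that exists as a key in the remote-IdP metadata array. The function name checkIdpBindings, the command-line handling and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example (not SimpleSAMLphp code): confirm each saml:SP source pins an
// 'idp' that exists as a key in the remote-IdP metadata array.

/** Return a list of problems; an empty list means every SP source resolves. */
function checkIdpBindings(array $authSources, array $metadata): array
{
    $problems = [];
    foreach ($authSources as $name => $source) {
        // Only SAML SP sources reference remote IdP metadata.
        if (!is_array($source) || ($source[0] ?? null) !== 'saml:SP') {
            continue;
        }
        $idp = $source['idp'] ?? null;
        if ($idp === null) {
            $problems[] = "$name: no 'idp' set, users will be shown an IdP list";
            continue;
        }
        if (!is_string($idp) || !array_key_exists($idp, $metadata)) {
            $problems[] = "$name: 'idp' has no entry in saml20-idp-remote.php";
            continue;
        }
        // The array key and the entry's own 'entityid' should agree.
        if (($metadata[$idp]['entityid'] ?? null) !== $idp) {
            $problems[] = "$name: metadata key '$idp' differs from its 'entityid'";
        }
    }
    return $problems;
}

// Usage (assumed): php check.php <authsources.php> <saml20-idp-remote.php>
if ($argc === 3) {
    $config = [];
    $metadata = [];
    require $argv[1]; // authsources.php defines $config
    require $argv[2]; // saml20-idp-remote.php defines $metadata
} else {
    // Constructed sample modelled on the entries shown on this page.
    $sf = 'https://drcloudehr-idd-qa-dev-ed.develop.my.salesforce.com';
    $metadata = [$sf => ['entityid' => $sf]];
    $config = [
        'sp1' => ['saml:SP', 'entityID' => $sf, 'idp' => $sf],
        'sp2' => ['saml:SP', 'entityID' => 'https://okta.com/', 'idp' => 'https://okta.com/'],
    ];
}
$problems = checkIdpBindings($config, $metadata);
foreach ($problems as $p) {
    echo "FAIL $p\n";
}
exit($problems ? 1 : 0);
```

With no arguments it checks the constructed sample, where sp2 is reported because the sample metadata contains no Okta entry; the non-zero exit code lets it gate a deployment step after each metadata refresh.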
...