elastic · BigPandaToo · Nov 17, 2020 · Nov 15, 2020 · Nov 16, 2020 · Nov 16, 2020
diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc
@@ -0,0 +1,44 @@
+[role="xpack"]
+[[security-api-saml-sp-metadata]]
+=== SAML sp metadata API
+
+Generate a SAML 2.0 Service Provider Metadata.
+
+[[security-api-saml-sp-metadata-request]]
+==== {api-request-title}
+
+`POST /_security/saml/metadata/<realmname>`
+
+[[security-api-saml-sp-metadata-desc]]
+==== {api-description-title}
+
+The SAML 2.0 specification provides a mechanism for Service Providers to describe their
+capabilities and configuration using a metadata file.
+This API generates Service Provider metadata, based on the configuration of a SAML realm
+in Elasticsearch.
+
+[[security-api-saml-sp-metadata-response-body]]
+==== {api-response-body-title}
+
+`metadata`::
+(string) An XML string that contains a SAML Service Providers metadata for the realm.
+
+[[security-api-saml-sp-metadata-example]]
+==== {api-examples-title}
+
+The following example generate Service Provider metadata for
+SAML realm `saml1`:
+
+[source,console]
+--------------------------------------------------
+GET /_security/saml/metadata/saml1
+--------------------------------------------------
+The API returns the following response:
+
+[source,js]
+--------------------------------------------------
+{
+    "metadata" : "<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://kibana.example.com/"><md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://kibana.example.com/logout"/><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://kibana.example.com/api/security/v1/saml" index="1" isDefault="true"/></md:SPSSODescriptor></md:EntityDescriptor>"
+}
+--------------------------------------------------
+// NOTCONSOLE