...
The knoxsso.xml topology describes the manner in which a client acquires a KnoxSSO websso cookie/token. The pac4j federation provider allows the integration of a number of authentication solutions. In this case, the openid connect capability is being leveraged to integration the cloud based Privakey identity service.
Please take note of the need to encode the ampersand within the saml.serviceProviderEntityId parameter as "&" as well as the need to include a value for the saml.serviceProviderMetadataPath - the file location here doesn't need to exist. There is a bug that will throw a NPE if saml.serviceProviderMetadataPath is not included even though the actual metadata will be served up to the IdP via request.
<topology>
<gateway>
<provider>
...
<value>https://dev-122415.oktapreview.com/app/exk5nc5z1xbFKb7nH0h7/sso/saml/metadata</value>
</param>
<param>
<name>saml.serviceProviderMetadataPath</name>
<value>/tmp/sp-metadata.xml</value>
</param>
<param>
<name>saml.serviceProviderEntityId</name>
...