diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index c237b8db1c..c754258ecb 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -1,6 +1,7 @@
package org.keycloak.broker.saml;
import org.jboss.logging.Logger;
+import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.VerificationException;
import org.keycloak.broker.provider.BrokeredIdentityContext;
@@ -45,6 +46,7 @@ import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
+import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
@@ -95,6 +97,13 @@ public class SAMLEndpoint {
this.provider = provider;
}
+ @GET
+ @NoCache
+ @Path("descriptor")
+ public Response getSPDescriptor() {
+ return provider.export(uriInfo, realm, null);
+ }
+
@GET
public Response redirectBinding(@QueryParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest,
@QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse,
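Review bot: The new getSPDescriptor() at the top of the hunk registers an unauthenticated GET on `descriptor` with no Javadoc and an unexplained `null` third argument to provider.export(), so a reader cannot tell what the null selects or that exposing this response publicly is intentional. Suggest a Javadoc such as `/** Serves this broker's SAML SP metadata. Deliberately unauthenticated: the export must contain only public data (entity ID, endpoints, signing certificate) and nothing from the realm's private key material. */`, plus a short inline comment on the `null` naming what it stands for. Unless export() already sets the content type on the Response (not visible from this hunk), a `@Produces(MediaType.APPLICATION_XML)` would make the contract explicit to clients fetching the descriptor by URL. The enclosing class continues outside the hunk.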
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/identity-broker.xml b/docbook/auth-server-docs/reference/en/en-US/modules/identity-broker.xml
index cebf3af5b7..c0183ba3fd 100755
--- a/docbook/auth-server-docs/reference/en/en-US/modules/identity-broker.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/identity-broker.xml
@@ -1052,7 +1052,7 @@
HTTP-POST Binding for AuthnReques
- Allows you to specify wheter SAML authentication requests must be sent using the HTTP-POST or HTTP-Redirect protocol bindings. If enabled, it will send requests using HTTP-POST binding.
+ Allows you to specify whether SAML authentication requests must be sent using the HTTP-POST or HTTP-Redirect protocol bindings. If enabled, it will send requests using HTTP-POST binding.
@@ -1066,6 +1066,16 @@
Once you create a SAML provider, there is an EXPORT button that appears when viewing that provider.
Clicking this button will export a SAML entity descriptor which you can use to
+
+ SP Descriptor
+ The SAML SP Descriptor XML file for the broker is available publically by going to this URL
+
+ http[s]://{host:port}/auth/realms/{realm-name}/broker/{broker-alias}/endpoint/descriptor
+
+
+ This URL is useful if you need to import this information into an IDP that needs or is more user friendly to load from a remote URL.
+
+