NAME

importMetadata - Script to import SAML federation metadata into LL::NG configuration

SYNOPSIS

importMetadata -m <metadata URL> [options]

Options:

-m, --metadata          URL of metadata document
-i, --idpconfprefix     Prefix used to set IDP configuration key
-s, --spconfprefix      Prefix used to set SP configuration key
--ignore-sp             ignore SP matching this entityID (can be specified multiple times)
--ignore-idp            ignore IdP matching this entityID (can be specified multiple times)
-a, --nagios            output statistics in Nagios format
-r, --remove            remove provider from LemonLDAP::NG if it does not appear in metadata
-n, --dry-run           print statistics but do not apply changes
-c, --config-file       use provided configuration file
-v, --verbose           increase verbosity of output
-h, --help              print full documentation

OPTIONS

-m URL, --metadata=URL

Specifies the <URL> of the metadata document to import

-i PREFIX, --idpconfprefix=PREFIX

Prefix each IdP found in the metadata document with <PREFIX> when registering it in LemonLDAP::NG

-s PREFIX, --spconfprefix=PREFIX

Prefix each SP found in the metadata document with <PREFIX> when registering it in LemonLDAP::NG

--ignore-sp=ENTITYID

Ignore the Service Provider with the given <ENTITYID>. It will not be added to, updated in, or deleted from the LemonLDAP::NG configuration

--ignore-idp=ENTITYID

Ignore the Identity Provider with the given <ENTITYID>. It will not be added to, updated in, or deleted from the LemonLDAP::NG configuration

-a, --nagios

After each run, print statistics about added/modified/deleted items in Nagios format

-r, --remove

If this option is used, then after a successful import, existing SPs/IdPs whose configuration key matches the configured prefix are removed from LemonLDAP::NG when they do not appear in the imported metadata. Providers whose key does not carry the prefix are left untouched.

-n, --dry-run

This option prevents the modified configuration from being saved. It can be used for testing.

-c, --config-file

Using a configuration file lets you do advanced configuration, either globally or per provider. The configuration file is stored in .ini format. Here is an example file:

# main script options, these will be overridden by the CLI options
[main]
dry-run=1
verbose=1
metadata=http://url/to/metadata.xml
; Multi-value options
ignore-idp=entity-id-to-ignore-1
ignore-idp=entity-id-to-ignore-2

# Default exported attributes for IDPs
[exportedAttributes]
cn=0;cn
eduPersonPrincipalName=0;eduPersonPrincipalName
...

# options that apply to all providers
[ALL]
; Disable signature requirement on requests
samlSPMetaDataOptionsCheckSSOMessageSignature=0
samlSPMetaDataOptionsCheckSLOMessageSignature=0
; Store SAML assertions in session
samlIDPMetaDataOptionsStoreSAMLToken=1
; Mark ePPN as always required
attribute_required_eduPersonPrincipalName=1
...

# Specific provider configurations
[https://test-sp.federation.renater.fr]
; All attributes are optional for this provider
attribute_required=0
; Override some options
samlSPMetaDataOptionsNameIDFormat=persistent

[https://idp.renater.fr/idp/shibboleth]
; declare an extra attribute from this provider
exported_attribute_eduPersonAffiliation=1;uid
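
As an added illustration (this is not code from LemonLDAP::NG or from the importMetadata script; the function names and sample data are constructed for this page), the following Python models the three behaviours described above: values in [main] serving as defaults that command-line options override, [ALL] settings that a provider's own section overrides, and the add/modify/remove decision that --ignore-sp/--ignore-idp and --remove control. Repeated keys such as ignore-idp are collected as lists, which is why a small parser is used instead of Python's configparser (which does not accumulate duplicate keys).

```python
# Added example, not part of LemonLDAP::NG: models the configuration-file
# precedence and the add/modify/remove reconciliation this man page describes.
# Function names are hypothetical; the sample inputs are constructed.

SAMPLE_INI = """\
# constructed sample in the layout shown above
[main]
dry-run=1
ignore-sp=https://ignored-sp.example
ignore-idp=entity-id-to-ignore-1
ignore-idp=entity-id-to-ignore-2

[ALL]
; weak default: no signature check on requests for any provider
samlSPMetaDataOptionsCheckSSOMessageSignature=0
attribute_required_eduPersonPrincipalName=1

[https://sp-a.example]
samlSPMetaDataOptionsNameIDFormat=persistent
; re-enable signature checking for this provider only
samlSPMetaDataOptionsCheckSSOMessageSignature=1
"""

MULTI_VALUE = {"ignore-idp", "ignore-sp"}


def parse_ini(text):
    """Parse the .ini layout used above: '#' and ';' start comment lines, and a
    key repeated inside a section collects every value (needed for ignore-idp)."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current].setdefault(key, []).append(value)
    return sections


def main_options(cfg, cli):
    """[main] supplies defaults; anything given on the command line wins."""
    opts = {}
    for key, values in cfg.get("main", {}).items():
        opts[key] = list(values) if key in MULTI_VALUE else values[-1]
    opts.update(cli)
    return opts


def provider_options(cfg, entity_id):
    """[ALL] applies to every provider; the provider's own section overrides it."""
    merged = {k: v[-1] for k, v in cfg.get("ALL", {}).items()}
    merged.update({k: v[-1] for k, v in cfg.get(entity_id, {}).items()})
    return merged


def plan(existing, metadata_ids, prefix, ignore, remove):
    """Classify providers as --ignore-* and --remove are documented.

    existing     : LL::NG configuration key -> entityID (constructed)
    metadata_ids : entityIDs found in the metadata document (constructed)
    Only keys carrying the prefix are candidates for removal; ignored
    entityIDs are never added, modified or removed.
    """
    ignored = set(ignore)
    in_meta = set(metadata_ids)
    managed = {eid for key, eid in existing.items() if key.startswith(prefix)}
    return {
        "add": sorted(in_meta - managed - ignored),
        "modify": sorted((in_meta & managed) - ignored),
        "remove": sorted(managed - in_meta - ignored) if remove else [],
    }


def nagios_summary(changes):
    """One-line summary in the spirit of the --nagios output."""
    return "OK - added=%d modified=%d removed=%d" % (
        len(changes["add"]), len(changes["modify"]), len(changes["remove"]))


if __name__ == "__main__":
    cfg = parse_ini(SAMPLE_INI)
    opts = main_options(cfg, {"remove": "1"})  # --remove given on the CLI
    existing = {  # constructed current LL::NG state
        "fed-https://sp-a.example": "https://sp-a.example",
        "fed-https://old-sp.example": "https://old-sp.example",
        "fed-https://ignored-sp.example": "https://ignored-sp.example",
        "handmade-sp": "https://manual.example",  # no prefix: never touched
    }
    metadata_ids = ["https://sp-a.example", "https://sp-b.example",
                    "https://ignored-sp.example"]
    changes = plan(existing, metadata_ids, "fed-",
                   opts["ignore-sp"], opts.get("remove") == "1")
    print(nagios_summary(changes))
    for eid in metadata_ids:
        print(eid, provider_options(cfg, eid))
    if opts.get("dry-run") == "1":
        print("dry-run: configuration not saved")
```

Running the script prints the summary for the constructed state (one SP added, one modified, one removed, the ignored and unprefixed ones untouched) and the merged options for each provider. The sample also shows why per-provider sections matter from a security standpoint: a weak setting placed in [ALL], such as disabling request signature checks, reaches every imported provider, and a provider section is the place to re-enable it where the federation partner supports it.
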

-v, --verbose

Increase verbosity during script execution

-h, --help

Displays the script's documentation

SEE ALSO

http://lemonldap-ng.org/

AUTHORS

Clement Oudot, <clement@oodo.net>

BUG REPORT

Use the OW2 issue tracker to report bugs or request features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

LemonLDAP::NG is available at https://lemonldap-ng.org/download