To load metadata compliant with the Liberty ID-FF, SAMLv2, or WS-Federation protocols, use the following command (options in square brackets are optional):
ssoadm import-entity --amadmin admin-ID --password-file password_filename [--realm] realm-name [--metadata-file] metadatafilename [--cot] circle_of_trust [--spec] idff_or_saml2_or_wsfed
This option is usually used to load provider metadata sent from a trusted partner in an XML file. Here is an example of a service provider metadata XML file compliant with the Liberty ID-FF.
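<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved Use is subject to license terms. -->
<!--
  Sample Liberty ID-FF service provider (SP) metadata for "ssoadm import-entity".

  Compared with the collapsed listing this was taken from:
  * all namespaces are declared once on the root element; the per-element
    re-declarations of meta:, ds: and the implicit xml: prefix were redundant;
  * URL values that the listing wrapped across lines (a stray quote after
    /slo, spaces inside /profiles/... paths, leading/trailing blanks) are
    restored to single, unbroken values;
  * the X509 certificate is re-wrapped at 76 columns, which is equivalent
    for xs:base64Binary (whitespace is collapsed).
-->
<EntityDescriptor xmlns="urn:liberty:metadata:2003-08"
                  xmlns:meta="urn:liberty:metadata:2003-08"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  meta:providerID="http://sp10.com"
                  meta:cacheDuration="360">
  <!-- aaa="aaa" is carried over from the original sample; it is not a
       standard Liberty metadata attribute. NOTE(review): confirm the importer
       tolerates extension attributes here before relying on it. -->
  <SPDescriptor cacheDuration="180"
                aaa="aaa"
                protocolSupportEnumeration="urn:liberty:iff:2003-08">
    <!-- use="signing": this certificate is the key against which signatures
         from this SP are verified once the metadata is imported. Metadata is
         received from the partner, so compare the certificate with a copy
         obtained over a separately trusted channel before running the
         import; importing an unverified file would bind the wrong key. -->
    <KeyDescriptor use="signing">
      <EncryptionMethod>http://something/encrypt</EncryptionMethod>
      <KeySize>4567</KeySize>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
MIIC1DCCApICBD8poYwwCwYHKoZIzjgEAwUAMFAxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNTdW4x
IDAeBgNVBAsTF1NVTiBPTkUgSWRlbnRpdHkgU2VydmVyMREwDwYDVQQDEwhzdW4tdW5peDAeFw0w
MzA3MzEyMzA5MDBaFw0wNDAxMjcyMzA5MDBaMFAxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNTdW4x
IDAeBgNVBAsTF1NVTiBPTkUgSWRlbnRpdHkgU2VydmVyMREwDwYDVQQDEwhzdW4tdW5peDCCAbcw
ggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUP
BPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1
AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hM
KBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl
nwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgCNS1il+RQAQGcQ87GBFde8kf8R6ZVuaDDajFYE4/LNT
Kr1dhEcPCtvL+iUFi44LzJf8Wxh+eA5K1mjIdxOo/UdwTpNQSqiRrm4Pq0wFG+hPnUTYLTtENkVX
IIvfeoVDkXnF/2/i1Iu6ttZckimOPHfLzQUL4ldL4QiaYuCQF6NfMAsGByqGSM44BAMFAAMvADAs
AhQ6yueX7YlD7IlJhJ8D4l6xYqwopwIUHzX82qCzF+VzIUhi0JG7slSpyis=
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <!-- Endpoint URLs of this SP; each must be a single, unbroken value. -->
    <SingleLogoutServiceURL>http://www.sun.com/slo</SingleLogoutServiceURL>
    <SingleLogoutServiceReturnURL>http://www.sun.com/sloservice</SingleLogoutServiceReturnURL>
    <FederationTerminationServiceURL>http://www.sun.com/fts</FederationTerminationServiceURL>
    <FederationTerminationServiceReturnURL>http://www.sun.com/ftsr</FederationTerminationServiceReturnURL>
    <!-- Liberty profile identifiers selecting the binding used per protocol. -->
    <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
    <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
    <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
    <RegisterNameIdentifierServiceURL>http://www.sun2.com/risu</RegisterNameIdentifierServiceURL>
    <RegisterNameIdentifierServiceReturnURL>http://www.sun2.com/rstu</RegisterNameIdentifierServiceReturnURL>
    <RelationshipTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/rel-term-soap</RelationshipTerminationNotificationProtocolProfile>
    <!-- AuthorityKind is a QName value, so the ppp prefix must be in scope
         on this element (or an ancestor). -->
    <NameIdentifierMappingBinding xmlns:ppp="urn:oasis:names:tc:SAML:1.0:protocol"
                                  AuthorityKind="ppp:AuthorizationDecisionQuery"
                                  Location="http://eng.sun.com"
                                  Binding="http://www.sun.com"/>
    <AdditionalMetaLocation namespace="abc">http://www.aol.com</AdditionalMetaLocation>
    <AdditionalMetaLocation namespace="efd">http://www.netscape.com</AdditionalMetaLocation>
    <AssertionConsumerServiceURL id="jh899" isDefault="true">http://www.iplanet.com/assertionurl</AssertionConsumerServiceURL>
    <!-- This SP signs its authentication requests; the identity provider
         side therefore needs the signing certificate above to verify them. -->
    <AuthnRequestsSigned>true</AuthnRequestsSigned>
  </SPDescriptor>
  <ContactPerson contactType="technical" meta:libertyPrincipalIdentifier="myid">
    <Company>SUn Microsystems</Company>
    <GivenName>Joe</GivenName>
    <SurName>Smith</SurName>
    <EmailAddress>joe@sun.com</EmailAddress>
    <EmailAddress>smith@sun.com</EmailAddress>
    <TelephoneNumber>45859995</TelephoneNumber>
  </ContactPerson>
  <!-- xml:lang uses the predefined xml prefix; no declaration is needed. -->
  <Organization>
    <OrganizationName xml:lang="en">sun com</OrganizationName>
    <OrganizationName xml:lang="en">sun micro com</OrganizationName>
    <OrganizationDisplayName xml:lang="en">sun.com</OrganizationDisplayName>
    <OrganizationURL xml:lang="en">http://www.sun.com/liberty</OrganizationURL>
  </Organization>
</EntityDescriptor>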