The SAML v2 Plug-in for Federation Services contains the saml2meta command-line interface to manage metadata and circles of trust. It is located in /AccessManager-base/product-directory/saml2/meta or /FederationManager-base/SUNWam/saml2/meta.
The saml2meta syntax is:
saml2meta [-i staging-directory] import -u user-DN [-w password | -j password-file] [-r realm] [-m XML-file-name] [-x XML-file-name] [-t COT-name]
saml2meta [-i staging-directory] export -u user-DN [-w password | -j password-file] [-r realm] -e entityID [-n] [ -m XML-file-name] [-x XML-file-name]
saml2meta [-i staging-directory] template -u user-DN [-w password | -j password-file] [-e entityID] [-s metaAlias [-a certAlias] [-f certAlias]] [-d metaAlias [-b certAlias] [-g certAlias]] -m XML-file-name -x XML-file-name
saml2meta [-i staging-directory] delete -u user-DN [-w password | -j password-file] [-r realm] [-e entityID] [-c]
saml2meta [-i staging-directory] list -u user-DN [-w password | -j password-file]
saml2meta [-i staging-directory] cotcreate -u user-DN [-w password | -j password-file] [-t COT-name] [-p prefix-URL] [-l entity-ID, entity-ID, ...]
saml2meta [-i staging-directory] cotdelete -u user-DN [-w password | -j password-file] [-t COT-name]
saml2meta [-i staging-directory] cotadd -u user-DN [-w password | -j password-file] [-t COT-name] [-e entityID]
saml2meta [-i staging-directory] cotremove -u user-DN [-w password | -j password-file] [-t COT-name] [-e entityID]
saml2meta [-i staging-directory] cotmember -u user-DN [-w password | -j password-file] -t COT-name
saml2meta [-i staging-directory] cotlist -u user-DN [-w password | -j password-file]
saml2meta -V
saml2meta -?
where:
To access usage information on the command-line, change to /AccessManager-base/product-directory/saml2/bin or /FederationManager-base/SUNWam/saml2/bin and run saml2meta with no input.
For explanations of the saml2meta subcommands, see the:
saml2meta Subcommands for Managing Metadata in Table 3–1
saml2meta Subcommands for Managing Circles of Trust in Table 3–2
saml2meta is used to manage the SAML v2 metadata. The following table describes the saml2meta subcommands specific to metadata management.
Table 3–1 saml2meta Subcommands for Managing Metadata

| Subcommand | Description |
|---|---|
| import | Loads standard and extended metadata in XML format into a local configuration data store. Note – Either -m or -x must be used. Both can also be used. |
| export | Exports standard and extended metadata in XML format from a local configuration data store. Note – Either -m or -x must be used. Both can also be used. |
| template | Generates a metadata configuration file for either type of hosted provider (service or identity) with defined values for default metadata properties. The generated file can be modified for use with import. |
| delete | Removes standard or extended metadata from a local configuration data store. |
| list | Generates a list of all the entity identifiers on the system. |
The following are some examples of how you might use saml2meta. See The saml2meta Command-line Reference for explanations of the options used.
The following command example will create both a standard and an extended metadata configuration file for service provider sp.sun.com:
# saml2meta template -u amadmin -w password -e sp.sun.com -s /sp -m spMeta.xml -x spExtended.xml
The standard metadata is defined in spMeta.xml and the extended metadata is defined in spExtended.xml.
This command example will import the created files into the local configuration data store:
# saml2meta import -u amadmin -w password -m spMeta.xml -x spExtended.xml
Remember to delete old metadata before you import modified files.
The saml2meta command line interface creates and manages the circles of trust used by the SAML v2 Plug-in for Federation Services. The following table describes the saml2meta subcommands specific to circle of trust management.
Table 3–2 saml2meta Subcommands for Managing Circles of Trust

| Subcommand | Description |
|---|---|
| cotcreate | Creates a circle of trust. |
| cotdelete | Removes a circle of trust. Note – To delete a circle of trust that contains providers, use cotremove to remove each provider first, then use cotdelete to delete the circle itself. |
| cotadd | Adds a trusted provider to an existing circle of trust. Note – cotadd can only add a single entity at a time. Add multiple entities when you first create the circle by using cotcreate and the -l option. |
| cotremove | Removes a trusted provider from an existing circle of trust. |
| cotmember | Lists the member providers in a particular circle of trust. |
| cotlist | Lists all the circles of trust configured on the system. |
The following command example will create a circle of trust:
saml2meta [-i staging-directory] cotcreate -u admin-user -w password -t COT-name -p idp-discovery-URL-path
This second command example will add a trusted provider to an existing circle of trust:
saml2meta [-i staging-directory] cotadd -u admin-user -w password -t COT-name -e entity-ID
This next command example will remove a trusted provider from an existing circle of trust:
saml2meta [-i staging-directory] cotremove -u admin-user -w password -t COT-name -e entity-ID
This command example will list all the providers belonging to an existing circle of trust:
saml2meta [-i staging-directory] cotmember -u admin-user -w password -t COT-name
This last command example will list all the available circles of trust under the instance of the SAML v2 Plug-in for Federation Services:
saml2meta [-i staging-directory] cotlist -u admin-user -w password
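Added example, not from the Sun documentation: a POSIX shell wrapper that scripts the import, cotcreate and cotadd steps from the two sets of command examples above, enforcing the page's rules (import needs -m and/or -x; several entities can only be added at creation time with -l; cotadd takes one entity per call) and reading the administrator password from a file with -j instead of passing it with -w, where it would be visible in process listings and shell history. It assumes saml2meta is on PATH (or named in SAML2META; set SAML2META=echo to preview the commands), and the password-file path and entity names are placeholders.

```shell
#!/bin/sh
# Added example (not Sun's code): wrapper for the import -> cotcreate -> cotadd
# workflow on this page. Assumes saml2meta is on PATH (override via SAML2META)
# and the admin password sits in a mode-600 file read with -j, so it never shows
# up in process listings or shell history the way "-w password" does.
SAML2META="${SAML2META:-saml2meta}"
ADMIN_DN="${ADMIN_DN:-amadmin}"
PW_FILE="${PW_FILE:-/tmp/saml2meta.pw}"   # hypothetical path, chmod 600 it

# The page's rule for import/export: at least one of -m or -x is required.
need_meta_file() {
    [ -n "$1" ] || [ -n "$2" ]
}

# import_metadata STANDARD_XML EXTENDED_XML (either may be empty, not both).
import_metadata() {
    std="$1"; ext="$2"
    if ! need_meta_file "$std" "$ext"; then
        echo "import: either -m or -x (or both) is required" >&2
        return 1
    fi
    set -- "$SAML2META" import -u "$ADMIN_DN" -j "$PW_FILE"
    [ -n "$std" ] && set -- "$@" -m "$std"
    [ -n "$ext" ] && set -- "$@" -x "$ext"
    "$@"
}

# create_cot COT_NAME PREFIX_URL [ENTITY_LIST]: several entities can only be
# added in one go here, via -l; afterwards cotadd takes one entity per call.
create_cot() {
    cot="$1"; prefix="$2"; members="$3"
    set -- "$SAML2META" cotcreate -u "$ADMIN_DN" -j "$PW_FILE" -t "$cot" -p "$prefix"
    [ -n "$members" ] && set -- "$@" -l "$members"
    "$@"
}

# add_to_cot COT_NAME ENTITY_ID: one provider per invocation.
add_to_cot() {
    "$SAML2META" cotadd -u "$ADMIN_DN" -j "$PW_FILE" -t "$1" -e "$2"
}
# "sh wrapper.sh demo" previews the whole workflow with echo in place of saml2meta.
case "${1:-}" in
demo)
    SAML2META=echo
    import_metadata spMeta.xml spExtended.xml
    create_cot samplecot https://idp.example.com/ "sp.example.com, idp.example.com"
    add_to_cot samplecot sp2.example.com
    ;;
esac
```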