NAME

importMetadata - Script to import SAML federation metadata into LL::NG configuration

SYNOPSIS

importMetadata -m <metadata URL> [options]

Options:

    -m, --metadata          URL of metadata document
    -i, --idpconfprefix     Prefix used to set IDP configuration key
    -s, --spconfprefix      Prefix used to set SP configuration key
    --ignore-sp             ignore SP matching this entityID (can be specified multiple times)
    --ignore-idp            ignore IdP matching this entityID (can be specified multiple times)
    -a, --nagios            output statistics in Nagios format
    -r, --remove            remove provider from LemonLDAP::NG if it does not appear in metadata
    -n, --dry-run           print statistics but do not apply changes
    -c, --config-file       use provided configuration file
    -v, --verbose           increase verbosity of output
    -h, --help              print full documentation

OPTIONS

-m URL, --metadata=URL

Specifies the <URL> of the metadata document to import

-i PREFIX, --idpconfprefix=PREFIX

Prefix each IDP found the metadata document with the <PREFIX> when registring them into LemonLDAP::NG

-s PREFIX, --spconfprefix=PREFIX

Prefix each SP found the metadata document with the <PREFIX> when registring them into LemonLDAP::NG

--ignore-sp=ENTITYID

Ignore the specified Service Provider <ENTITYID>. It will not be added, updated or deleted from LemonLDAP::NG configuration

--ignore-idp=ENTITYID

Ignore the specified Identity Provider <ENTITYID>. It will not be added, updated or deleted from LemonLDAP::NG configuration

-a, --nagios

After each run, print statistics about added/modified/deleted items in Nagios format

-r, --remove

If this option is used, after a successful import, existing SP/IDPs who match the configuration prefix will be removed from LemonLDAP::NG if they were not present in the imported metadata

-n, --dry-run

This option prevents the modified configuration from being saved. It can be used for testing.

-c, --config-file

Using a configuration file lets you do advanced configuration on a global per-provider basis. The configuration file is stored in .ini format. Here is an example file

    # main script options, these will be overriden by the CLI options
    [main]
    dry-run=1
    verbose=1
    metadata=http://url/to/metadata.xml
    ; Multi-value options
    ignore-idp=entity-id-to-ignore-1
    ignore-idp=entity-id-to-ignore-2
    # Default exported attributes for IDPs
    [exportedAttributes]
    cn=0;cn
    eduPersonPrincipalName=0;eduPersonPrincipalName
    ...
    # options that apply to all providers
    [ALL]
    ; Disable signature requirement on requests
    samlSPMetaDataOptionsCheckSSOMessageSignature=0
    samlSPMetaDataOptionsCheckSLOMessageSignature=0
    ; Store SAML assertions in session
    samlIDPMetaDataOptionsStoreSAMLToken=1
    ; Mark ePPN as always required
    attribute_required_eduPersonPrincipalName=1
    ...
    # Specific provider configurations
    [https://test-sp.federation.renater.fr]
    ; All attributes are optional for this provider
    attribute_required=0
    ; Override some options
    samlSPMetaDataOptionsNameIDFormat=persistent
    [https://idp.renater.fr/idp/shibboleth]
    ; declare an extra attribute from this provider
    exported_attribute_eduPersonAffiliation=1;uid
    

-v, --verbose

Increase verbosity during script execution

-h, --help

Displays the script's documentation

SEE ALSO

<http://lemonldap-ng.org/>

AUTHORS

Clement Oudot, <clement@oodo.net>

BUG REPORT

Use OW2 system to report bug or ask for features: <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

DOWNLOAD

Lemonldap::NG is available at <https://lemonldap-ng.org/download>