...
Code Block |
---|
http://localhost/idp/admin/resolvertest?querystringprincipal=jdoe&requester=https%3A%2F%2Fsp.example.org%2Fsp |
The same thing on the command line would be:
Code Block |
---|
$ /opt/shibboleth-idp/bin/aacli.sh -n jdoe -r https://sp.example.org/sp |
The parameters supported and their corresponding command line options are:
Query String | Command Line | Description |
---|---|---|
requester | --requester, -r | Required, identifies the relying party (SP) to simulate a resolution for |
principal | --principal, -n | Required, names the subject/user to simulate a resolution for |
acsIndex | --acsIndex, -i | Identifies the index of anĀ <md:AttributeConsumingService> element in the SP's metadata, which allows certain uncommonly used filtering rules to be run |
saml1 | --saml1 | Value is ignored, if present causes the output to be encoded into a SAML 1.1 assertion |
saml2 | --saml2 | Value is ignored, if present causes the output to be encoded into a SAML 2.0 assertion |
The tool essentially reproduces the results that would ordinarily be produced during a SSO or Attribute Query request. It operates very quickly since it runs within the existing application context. There are a couple of caveats to the reproduction of the results:
...