Versions Compared

Old Version 1

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 2

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
http://localhost/idp/admin/resolvertest?querystringprincipal=jdoe&requester=https%3A%2F%2Fsp.example.org%2Fsp

The same thing on the command line would be:

Code Block
$ /opt/shibboleth-idp/bin/aacli.sh -n jdoe -r https://sp.example.org/sp

The parameters supported and their corresponding command line options are:

Query StringCommand LineDescription
requester
--requester, -r
Required, identifies the relying party (SP) to simulate a resolution for
principal
--principal, -n
Required, names the subject/user to simulate a resolution for
acsIndex
--acsIndex, -i
Identifies the index of anĀ <md:AttributeConsumingService> element in the SP's metadata, which allows certain uncommonly used filtering rules to be run
saml1
--saml1
Value is ignored, if present causes the output to be encoded into a SAML 1.1 assertion
saml2
--saml2
Value is ignored, if present causes the output to be encoded into a SAML 2.0 assertion

The tool essentially reproduces the results that would ordinarily be produced during a SSO or Attribute Query request. It operates very quickly since it runs within the existing application context. There are a couple of caveats to the reproduction of the results:

...