...

| Parameter | Required / Optional | Use |
|---|---|---|
| --configDir | Required | Directory containing the configuration information for the system. If not specified and the IDP_HOME environment variable is set, defaults to $IDP_HOME/conf. |
| --principal | Required | Principal name (user ID) of the person whose attributes are to be retrieved |
| --requester | Optional | The SAML entity ID that is requesting the attributes (entity ID of the Service Provider) |
| --issuer | Optional | The SAML entity ID of the producer/issuer of the attributes |
| --authnMethod | Optional | The authentication method URI that the principal was authenticated with |
| --saml1 | Optional | A no-value argument that indicates the resulting attributes should be SAML 1 formatted instead of SAML 2 |
| --springExts | Optional | Colon-delimited list of files containing Spring extension configurations |
| --help | Optional | Displays the help message for the tool |

...

Example Commands

> ./aacli.sh --configDir=conf/ --principal=jsmith

OR

> bin\aacli.bat --configDir=conf/ --principal=jsmith --requester=http://example.org/sp --saml1

...

When no attributes would be released, you will see the "No attribute statement" message:

../bin/aacli.sh --configDir=. --principal=jv11
No attribute statement.

For an IdP whose attribute authority (AA) is configured to release uid, eduPersonPrincipalName, and eduPersonPrimaryAffiliation, successful results will look something like this:

../bin/aacli.sh --configDir=. --principal=jv11

<?xml version="1.0" encoding="UTF-8"?><saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
   <saml:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jv11</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute FriendlyName="eduPersonPrimaryAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">staff</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jv11@cornell.edu</saml:AttributeValue>
   </saml:Attribute>
</saml:AttributeStatement>

Example command to see what attributes would be released to the testshib.org service provider, whose entity ID is https://sp.testshib.org/shibboleth-sp:

../bin/aacli.sh --principal=jv11 --configDir=../conf --requester=https://sp.testshib.org/shibboleth-sp
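
An added example, not part of the original page or the Shibboleth project: a Python check that parses aacli's SAML 2 output and compares the released attribute names against an allow-list for the requesting SP, so over-release shows up before a policy change goes live. The allow-list, the function names and the embedded sample (shortened from the output shown above) are assumptions for illustration; `--saml1` output is not handled.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
OPEN, CLOSE = "<saml:AttributeStatement", "</saml:AttributeStatement>"

# Sample aacli output, shortened from the SAML 2 result shown on this page.
SAMPLE = """../bin/aacli.sh --configDir=. --principal=jv11

<?xml version="1.0" encoding="UTF-8"?><saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
   <saml:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1">
      <saml:AttributeValue>jv11</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute FriendlyName="eduPersonPrimaryAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5">
      <saml:AttributeValue>staff</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
      <saml:AttributeValue>jv11@cornell.edu</saml:AttributeValue>
   </saml:Attribute>
</saml:AttributeStatement>
"""

# Assumed policy for one SP: only ePPN and primary affiliation may be released.
ALLOWED = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",  # eduPersonPrincipalName
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.5",  # eduPersonPrimaryAffiliation
}

def released_attributes(aacli_output):
    """Return {Name: (FriendlyName, [values])}; {} when nothing is released."""
    start, end = aacli_output.find(OPEN), aacli_output.rfind(CLOSE)
    if start == -1 or end == -1:  # e.g. "No attribute statement."
        return {}
    root = ET.fromstring(aacli_output[start:end + len(CLOSE)])
    attrs = {}
    for attr in root.findall(f"{{{SAML2_NS}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{SAML2_NS}}}AttributeValue")]
        # Key on Name: FriendlyName is only a human-readable hint.
        attrs[attr.get("Name")] = (attr.get("FriendlyName"), values)
    return attrs

def audit(aacli_output, allowed_names):
    """Return (unexpected, missing) attribute names versus the allow-list."""
    released = set(released_attributes(aacli_output))
    return sorted(released - set(allowed_names)), sorted(set(allowed_names) - released)

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE, ALLOWED)
    print("unexpected:", unexpected)
    print("missing:", missing)
```

Capture the tool's stdout for each `--requester` value you care about and feed it to `audit`; a non-empty first list means the filter policy releases more to that SP than intended.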

...