...
Parameter | Required / Optional | Use |
---|---|---|
--configDir | Required | Directory containing the configuration information for the system. If not specified and the |
--principal | Required | Principal name (user id) of the person to retrieve the attributes about |
--requester | Optional | The SAML entity ID that is requesting the attributes (entity ID of the Service Provider) |
--issuer | Optional | The SAML entity ID of the producer/issuer of the attributes |
--authnMethod | Optional | The authentication method URI that the principal was authenticated with |
--saml1 | Optional | A no-value argument that indicates the resulting attributes should be SAML 1 formatted instead of SAML 2 |
--springExts | Optional | Colon-delimited list of files containing Spring extension configurations |
--help | Optional | Displays the help message for the tool |
...
```
> ./aacli.sh --configDir=conf/ --principal=jsmith
OR
> bin\aacli.bat --configDir=conf/ --principal=jsmith --requester=http://example.org/sp --saml1
```
...
When no attributes would be released, you will see the "No attribute statement" message:
```
../bin/aacli.sh --configDir=. --principal=jv11
No attribute statement.
```
For an IdP whose AA is configured to release uid, eduPersonPrincipalName, and eduPersonPrimaryAffiliation, successful results will look something like this:
```
../bin/aacli.sh --configDir=. --principal=jv11
<?xml version="1.0" encoding="UTF-8"?><saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jv11</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="eduPersonPrimaryAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">staff</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jv11@cornell.edu</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
```
Example command to see what attributes would be released to the testshib.org service provider, whose entity ID is https://sp.testshib.org/shibboleth-sp:
```
../bin/aacli.sh --principal=jv11 --configDir=../conf --requester=https://sp.testshib.org/shibboleth-sp
```
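Running the tool with `--requester` is a convenient way to confirm that a filter policy change does not release more to a given Service Provider than intended. The following is an added example, not part of the original page or of the Shibboleth distribution: it parses SAML 2 output of the kind shown above (not `--saml1` output) and compares the released attributes with an expected set. The function names, the sample output and the expected set are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML2 = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample in the shape of the SAML 2 output shown above (trimmed).
SAMPLE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">\n'
    '<saml:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1">\n'
    '<saml:AttributeValue>jv11</saml:AttributeValue>\n'
    '</saml:Attribute>\n'
    '<saml:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">\n'
    '<saml:AttributeValue>jv11@cornell.edu</saml:AttributeValue>\n'
    '</saml:Attribute>\n'
    '</saml:AttributeStatement>\n'
)


def parse_released(output):
    """Map FriendlyName (or Name) -> list of values for aacli SAML 2 output."""
    start = output.find("<")  # skip an echoed command line, if present
    if start < 0:
        if "No attribute statement." in output:
            return {}  # nothing would be released
        raise ValueError("neither an attribute statement nor the empty message")
    # Input is the local tool's own output, so the stdlib parser is acceptable.
    root = ET.fromstring(output[start:].encode("utf-8"))
    if root.tag != SAML2 + "AttributeStatement":
        raise ValueError("unexpected root element: " + root.tag)
    released = {}
    for attr in root.iter(SAML2 + "Attribute"):
        key = attr.get("FriendlyName") or attr.get("Name")
        values = [v.text or "" for v in attr.iter(SAML2 + "AttributeValue")]
        released.setdefault(key, []).extend(values)
    return released


def audit_release(output, expected):
    """Return (over_released, missing) attribute names versus `expected`."""
    released = set(parse_released(output))
    return sorted(released - set(expected)), sorted(set(expected) - released)


if __name__ == "__main__":
    # Hypothetical expectation for one SP: only these two should be released.
    policy = {"eduPersonPrincipalName", "eduPersonPrimaryAffiliation"}
    over, missing = audit_release(SAMPLE, policy)
    print("over-released:", over)
    print("missing:", missing)
```

In practice the `output` argument would be the captured standard output of an `aacli.sh` run for one principal and one requester.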
...