Comment: fix minor typos

...

The MetadataGen plugin provides a command line to generate metadata based on a very shallow introspection of the IdP configuration properties.

...

  • The entityID (from idp.entityID)

  • The scope (from idp.scope)

  • The encryption certificate (from idp.encryption.cert)

  • The signing certificate used for attribute push (from idp.signing.cert)

...

| Qualifier | Function |
|---|---|
| --DNSName name | Supplies the DNS name used within the URLs specifying the end points. |
| --output <file>, -o <file> | Outputs the metadata to a file. |
| --backChannel <file> | Specifies the path to the certificate protecting the back channel. This is required to emit any SOAP end points (artifact, logout and attribute fetch). |
| +SAML1, +1 | Include metadata for a SAML1 IdP. SAML1 attribute fetch endpoints will be included, regardless of whether +attributeFetch is specified. |
| -SAML2, -2 | Suppress the metadata for a SAML2 IdP. |
| +SAMLSP, +SP | Include metadata for a SAML2 SP (for use in proxying). |
| +logout | Include SAML2 logout endpoints. If the --backChannel option is present the SOAP endpoint is also included. |
| +artifact | Include the artifact resolution endpoints (requires --backChannel). |
| +attributeFetch | Include the SAML2 attribute fetch endpoints (requires --backChannel). |
| --propertyFiles <file>,<file>... | Additional property files. |

...

| Property | Description |
|---|---|
| idp.metadata.dnsname | Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier. |
| idp.metadata.backchannel.cert | Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier. |
| idp.metadata.idpsso.mdui.logo.path | Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The <mdui:Logo> is always emitted. If this is absent then a fixed path ('/path/to/logo') is used. |
| idp.metadata.idpsso.mdui.logo.height | The height (in pixels) of the logo. Defaults to 80. |
| idp.metadata.idpsso.mdui.logo.width | The width (in pixels) of the logo. Defaults to 80. |
| idp.metadata.idpsso.mdui.langs | A (space separated) list of languages used to look up values formed by appending each one to the name and description properties described below. If this is absent then an <mdui:DisplayName/> and <mdui:Description> for the "en" language are emitted, which you need to edit. |
| idp.metadata.idpsso.mdui.displayname.<lang> | Display name for the IdP in the specified language. If this is absent for a language specified above then no <mdui:DisplayName> is emitted for that language. |
| idp.metadata.idpsso.mdui.description.<lang> | Description for the IdP in the specified language. If this is absent for a language specified above then no <mdui:Description> is emitted for that language. |
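
A pre-flight check built only from the rules stated above (qualifier and property conflicts, back channel requirements, MDUI defaults), given as an added example that is not part of the plugin or of the original page. The function names `parse_properties` and `lint`, the simplified key=value parsing, and the sample host name and values are assumptions.

```python
def parse_properties(text):
    """Parse simple key=value lines (no continuations or escapes; a simplifying assumption)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(args, props):
    """Return warnings for a list of qualifiers and a property map, per the tables above."""
    flags = set(args)  # exact spelling as documented on the page
    warnings = []
    cli_bc = "--backChannel" in flags
    has_bc = cli_bc or "idp.metadata.backchannel.cert" in props
    if "--DNSName" in flags and "idp.metadata.dnsname" in props:
        warnings.append("DNS name set by both --DNSName and idp.metadata.dnsname")
    if cli_bc and "idp.metadata.backchannel.cert" in props:
        warnings.append("back channel certificate set by both --backChannel and property")
    for opt in ("+artifact", "+attributeFetch"):
        if opt in flags and not has_bc:
            warnings.append(f"{opt} requires a back channel certificate")
    if "+logout" in flags and not has_bc:
        warnings.append("+logout without back channel: SOAP logout endpoint omitted")
    prefix = "idp.metadata.idpsso.mdui."
    if prefix + "logo.path" not in props:
        warnings.append("logo.path unset: placeholder <mdui:Logo> path will be emitted")
    langs = props.get(prefix + "langs", "").split()
    if not langs:
        warnings.append("langs unset: 'en' DisplayName/Description emitted, edit before use")
    for lang in langs:
        for field in ("displayname", "description"):
            if f"{prefix}{field}.{lang}" not in props:
                warnings.append(f"no {field} for '{lang}': element not emitted")
    return warnings

# Constructed sample input (hypothetical host name, names and output file).
SAMPLE_PROPS = """
idp.metadata.dnsname = idp.example.org
idp.metadata.idpsso.mdui.langs = en fr
idp.metadata.idpsso.mdui.displayname.en = Example University
idp.metadata.idpsso.mdui.description.en = Example University login
idp.metadata.idpsso.mdui.displayname.fr = Universite Exemple
"""
SAMPLE_ARGS = ["--DNSName", "idp.example.org", "+artifact", "+logout", "-o", "metadata.xml"]
if __name__ == "__main__":
    for w in lint(SAMPLE_ARGS, parse_properties(SAMPLE_PROPS)):
        print("WARN:", w)
```
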

...