Versions Compared

Old Version 1

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 2

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The IdP includes a command line tool included in older versions called "aacli", which stood for Attribute Authority Command Line Interface. The command line tool is a wrapper around a web interface that operates an administrative flow that runs the Attribute Resolver and Attribute Filter services, and produces output in various forms.

...

While this includes the production of a <NameID> or <NameIdentifier>, based on the overall configuration of the system, it will not account for the case of an SP explicitly requiring a particular format via its request messages.

Reference

V4.0 and upgraded systems include a bean defined in conf/admin/general-admin.xml to control aspects of the flow's behavior.

...

Sorting Output

Output may be sorted using jq or xq (part of yq).

To sort JSON : ... | jq 'walk( if type == "array" then sort else . end )'

To sort SAML : ... | xq -x 'walk( if type == "array" then sort else . end )'

On macOS, jq and xq may be installed using Homebrew brew install jq python-yq or MacPorts.

Reference

Expand
titleProperties (V4.1+)

The general properties configuring this flow via admin/admin.properties are:

Name

Default

Description

idp.resolvertest.logging

ResolverTest

Audit log identifier for flow

idp.resolvertest.accessPolicy

AccessByIPAddress

Name of access control policy for request authorization

idp.resolvertest.authenticated

false

Whether authentication should be performed prior to access control evaluation

idp.resolvertest.nonBrowserSupported

false

Whether the flow should allow for non-browser clients during authentication

idp.resolvertest.resolveAttributes

false

Whether attributes should be resolved prior to access control evaluation

Expand
titleFlow Descriptor XML (V4.1+)

To replace the internally defined flow descriptor bean, the following XML is required:

Code Block
languagexml
<util:list id="shibboleth.AvailableAdminFlows">
 
    <bean parent="shibboleth.AdminFlow"
        c:id="http://shibboleth.net/ns/profiles/resolvertest"
        p:loggingId="%{idp.resolvertest.logging:ResolverTest}"
        p:policyName="%{idp.resolvertest.accessPolicy:AccessByIPAddress}"
        p:nonBrowserSupported="%{idp.resolvertest.nonBrowserSupported:false}"
        p:authenticated="%{idp.resolvertest.authenticated:false}"
        p:resolveAttributes="%{idp.resolvertest.resolveAttributes:false}" />
 
</util:list>

In older versions and upgraded systems, this list is defined in conf/admin/general-admin.xml. In V4.1+, no No default version of the list is provided and it may simply be placed in conf/global.xml if needed.

How to sort output

Output may be sorted using jq or xq (part of yq).

To sort JSON : ... | jq 'walk( if type == "array" then sort else . end )'

To sort SAML : ... | xq -x 'walk( if type == "array" then sort else . end )'

...

.