...
-n | a SAML name identifier value | ||
-f | optional SAML name identifier format | ||
-i | entityID of an IdP | ||
-a | applicationID (if other than default application) | -p | a protocolSupportEnumeration value to use in finding the IdP role in metadata |
-saml10 | shortcut for "-p urn:oasis:names:tc:SAML:1.0:protocol" | ||
-saml11 | shortcut for "-p urn:oasis:names:tc:SAML:1.1:protocol" | ||
-saml2 | shortcut for "-p urn:oasis:names:tc:SAML:2.0:protocol" |
...
Code Block |
---|
./resolvertest -n _9f2d9fd62aa99cc43bf483045aeac123 -i https://aai-logon.switch.ch/idp/shibboleth -saml2 -f urn:oasis:names:tc:SAML:2.0:nameid-format:persistent |
The result of the processing will be to run the attribute extraction, filtering, and resolution subsystems against the input information. Support for queries comes from the use of the default resolution plugin. The output of the above command then could look like this:
Code Block |
---|
./resolvertest -saml2 -f urn:oasis:names:tc:SAML:2.0:nameid-format:persistent \ -i https://aai-logon.switch.ch/idp/shibboleth -n FQdaogdLEj0iZZTIfdS3svc52WE= uid: haemmerle affiliation: staff surname: Hämmerle givenName: Lukas homeOrganization: switch.ch uniqueID: 123456abcde@switch.ch homeOrganizationType: others gender: 1 persistent-id: https://aai-idp.switch.ch/idp/shibboleth!https://dieng.switch.ch/shibboleth!FQdaogdLEj0iZZTIfdS3svc52WE= mail: lukas.haemmerle@switch.ch |
Note | |||||||
---|---|---|---|---|---|---|---|
In order to make attribute request to an Attribute Autority using a persistent Identifier, the Shibboleth Identity Provider needs to configure a PrincipalConnector for the persistent Name Identifier format in the attribute-resolver.xml configuration:
Be sure to set the DataConnectorRef with the correct ID of a targetedID connector (e.g. "dc:ComputedId") |