...
Info |
---|
You can install the latest plugin version supported on your IdP version with |
Plugin | Plugin ID | Module(s) | Latest Version | Bug Reporting |
---|---|---|---|---|
Metadatagen | net.shibboleth.idp.plugin.metadatagen | idp.plugin.MetadataGen.plugin idp.plugin.MetadataGen.Templates.plugin | | |
...
Take care to wrap options containing whitespace in double quotes. The generator will automatically encode any XML-unsafe characters, so you should not pre-encode any of them.
Parameter | Multiple? | Description |
---|---|---|
--file, --out | | Output file to write to (stdout is used if not specified) |
--batch-file, --batch | | Path to a batch file of individual commands to execute (see section below) |
--omit-namespaces | | Prevents the generation of various XML namespace declarations in the root element, useful mainly for batches |
--entityID, --client_id, --id | | Populates the entityID attribute, generally required to produce meaningful output |
--scope | Y | Populates |
--sp | | Generates an |
--idp | | Generates an |
--aa | | Generates an |
--want-assertions-signed, -w | | Toggles on the |
--nameid-format, -f | Y | Populates |
--certificate, --cert, -c | Y | Path to certificate file(s) intended for dual use (both signing and encryption) |
--signing, -x | Y | Path to certificate file(s) specific to signing only |
--encryption, -e | Y | Path to certificate file(s) specific to encryption only |
--sso | Y | Manually specifies |
--attribute-query, --query | Y | Manually specifies |
--artifact | Y | Manually specifies |
--logout | Y | Manually specifies |
--acs | Y | Manually specifies |
--layout-file, --layout | | Path to a “layout template”, in effect a fragment of metadata containing an <md:EntityDescriptor> that specifies the endpoints to populate the output with (used in conjunction with the --hostname option) |
--hostname, -h | Y | Specifies the hostname(s) to plug into the layout template specified with the --layout-file option |
--lang | | Language tag to use for any i18n-supporting elements |
--display-name, -y | | Generates an |
--description, -d | | Generates an |
--logo-url, --logo | | Generates an |
--logo-width, --width | | Sets |
--logo-height, --height | | Sets |
--org-name, -o | | Generates |
--org-url, -u | | Generates |
--contact-admin, -a | Y | Splits a string containing first/last/email on the forward slash character and generates a <md:ContactPerson> of the “administrative” type |
--contact-support, -s | Y | Splits a string containing first/last/email on the forward slash character and generates a <md:ContactPerson> of the “support” type |
--contact-tech, -t | Y | Splits a string containing first/last/email on the forward slash character and generates a <md:ContactPerson> of the “technical” type |
--entity-attr, --tag | Y | An expression of the form “name=value”, which will generate a |
The full set of options can be viewed with the --help option.
...
Endpoint expressions are in the form <binding>/<location>. The location portion may contain a scheme; if it does not, the “https://” scheme is applied automatically. The binding portion must be one of the following values:
Token | Protocol and Binding |
---|---|
Redirect | SAML 2.0, |
POST | SAML 2.0, |
SimpleSign | SAML 2.0, |
Artifact | SAML 2.0, |
SOAP | SAML 2.0, |
PAOS | SAML 2.0, |
POST1 | SAML 1.1, |
Artifact1 | SAML 1.1, |
SOAP1 | SAML 1.1, |
CAS | CAS, |
CAS (logout) | CAS, |
CASProxy | CAS, |
OIDC | OIDC/OAuth, |
Note that when endpoints require an index attribute, the generator will auto-generate those values by tracking them and incrementing the index. The indexes should not in general be used at runtime at this point.
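The rules above for endpoint expressions (split into binding and location, default to https, number indexed endpoints) can be checked before a batch is handed to the generator. The following is an added example, not the plugin's own code. The `EndpointResolver` class, the binding URI mapping for the SAML 2.0 tokens, the choice of `--acs` and `--artifact` as indexed options, the start index of 1 and the `tls` field are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Binding URIs defined by the SAML 2.0 bindings specification. Assumption:
# each SAML 2.0 token in the table above denotes the URI listed here.
SAML2_BINDINGS = {
    "Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "SimpleSign": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign",
    "Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
    "SOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
    "PAOS": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS",
}
# Assumption: these options produce the endpoint types that SAML metadata
# defines as indexed (assertion consumer and artifact resolution services).
INDEXED_OPTIONS = {"--acs", "--artifact"}
SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


class EndpointResolver:
    """Hypothetical helper: resolves expressions and numbers indexed endpoints."""

    def __init__(self):
        self._next_index = {}  # option -> next index to hand out

    def resolve(self, option, expression):
        # Split on the first slash only; the location itself contains slashes.
        token, sep, location = expression.partition("/")
        if not sep or not location:
            raise ValueError(f"expected <binding>/<location>: {expression!r}")
        if token not in SAML2_BINDINGS:
            raise ValueError(f"unknown binding token: {token!r}")
        # A scheme only counts at the very start, not inside a query string.
        if not SCHEME.match(location):
            location = "https://" + location
        parts = urlsplit(location)
        if not parts.hostname:
            raise ValueError(f"location has no host: {location!r}")
        endpoint = {"Binding": SAML2_BINDINGS[token], "Location": location,
                    # Added review aid: an explicit scheme bypasses the https default.
                    "tls": parts.scheme == "https"}
        if option in INDEXED_OPTIONS:
            # Assumption: numbering starts at 1 and is tracked per option.
            index = self._next_index.get(option, 1)
            endpoint["index"] = index
            self._next_index[option] = index + 1
        return endpoint
```

An expression with an explicit `http://` location passes through unchanged, so the `tls` field is the place to catch plaintext endpoints before the metadata is published.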
...