This is a test program that can be used to exercise the attribute-processing subsystems and plugins in the SP to process a SAML assertion or a user's identifier.
Successful output consists of a textual summary of the resulting attribute information. Failure results in console-directed log messages and a negative return code.
To process a complete SAML assertion, it must be provided on the stdin stream. Otherwise, the following parameters must be used:
| Parameter | Description |
|---|---|
| -n | a SAML name identifier value |
| -f | optional SAML name identifier format |
| -i | entityID of an IdP |
| -a | applicationID (if other than default application) |
| -p | a protocolSupportEnumeration value to use in finding the IdP role in metadata |
| -saml10 | shortcut for "-p urn:oasis:names:tc:SAML:1.0:protocol" |
| -saml11 | shortcut for "-p urn:oasis:names:tc:SAML:1.1:protocol" |
| -saml2 | shortcut for "-p urn:oasis:names:tc:SAML:2.0:protocol" |
In either mode:
| Parameter | Description |
|---|---|
| -a | optional applicationId to use in applying SP configuration, if other than "default" |
An example of executing the resolvertest is given below:
./resolvertest -n _9f2d9fd62aa99cc43bf483045aeac123 -i https://aai-logon.switch.ch/idp/shibboleth -saml2
The result of the processing will be to run the attribute extraction, filtering, and resolution subsystems against the input information. Support for queries comes from the use of the default resolution plugin. The output of such a command could then look like this:
./resolvertest -n FQdaogdLEj0iZZTIfdS3svc52WE= -f urn:oasis:names:tc:SAML:2.0:nameid-format:persistent -i https://aai-logon.switch.ch/idp/shibboleth -saml2
uid: haemmerle
affiliation: staff
surname: Hämmerle
givenName: Lukas
homeOrganization: switch.ch
uniqueID: 123456abcde@switch.ch
homeOrganizationType: others
gender: 1
persistent-id: https://aai-idp.switch.ch/idp/shibboleth!https://dieng.switch.ch/shibboleth!FQdaogdLEj0iZZTIfdS3svc52WE=
mail: lukas.haemmerle@switch.ch
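
Because resolvertest runs the same extraction and filtering steps as a real login, its output can serve as a regression check on attribute release. The shell functions below are an added example, not part of the SP distribution or the original page: they report required attributes that are missing and attributes outside an expected set that passed the filter. The one-pair-per-line output layout is assumed from the sample above; the function names, the RESOLVERTEST override and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the SP distribution.
# Assumption: resolvertest prints one "name: value" pair per line.

# audit_attrs REQUIRED ALLOWED   (space-separated attribute names)
# Reads resolvertest output on stdin. Prints "MISSING <name>" for each
# required attribute that is absent and "UNEXPECTED <name>" for each attribute
# outside REQUIRED+ALLOWED. Returns 1 if anything was reported.
audit_attrs() {
    awk -v required="$1" -v allowed="$2" '
        BEGIN {
            bad = 0
            n = split(required, r, " ")
            for (i = 1; i <= n; i++) ok[r[i]] = 1
            m = split(allowed, a, " ")
            for (i = 1; i <= m; i++) ok[a[i]] = 1
        }
        match($0, /^[A-Za-z0-9_.-]+: /) {
            name = substr($0, 1, RLENGTH - 2)
            seen[name] = 1
            if (!(name in ok)) { print "UNEXPECTED " name; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(r[i] in seen)) { print "MISSING " r[i]; bad = 1 }
            exit bad
        }'
}

# check_release REQUIRED ALLOWED resolvertest-args...
# Returns 2 if resolvertest itself fails, otherwise the audit result.
# RESOLVERTEST is a hypothetical override for the binary path.
check_release() {
    required=$1; allowed=$2; shift 2
    out=$("${RESOLVERTEST:-./resolvertest}" "$@") || {
        echo "resolvertest failed with status $?" >&2; return 2; }
    printf '%s\n' "$out" | audit_attrs "$required" "$allowed"
}

# Constructed sample output (placeholder values, not real data).
sample_output() {
    cat <<'EOF'
uid: jdoe
affiliation: staff
mail: jdoe@example.org
gender: 1
persistent-id: https://idp.example.org/idp/shibboleth!https://sp.example.org/shibboleth!c2FtcGxl
EOF
}
```

check_release captures the output before auditing it so that a failing resolvertest run is reported as status 2 rather than being masked by the pipeline's exit status.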