{"type":"doc","content":[{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"The MetadataGen plugin provides a command line to generate metadata based on a very shallow introspection of the IdP configuration properties.","type":"text"}]},{"type":"paragraph","content":[{"text":"Metadata generation can never be an automatic process. ","type":"text"},{"text":"Metadata ","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/CONCEPT/pages/928645459"}}]},{"text":"is a description of how you want your IdP to be viewed by others. This is significantly more than anything which can be created automatically. Nonetheless, much of the metadata is formulaic since things such as endpoints are usually standardized. The metadatagen command provides assistance in generating much of the standardized boilerplate.","type":"text"}]},{"type":"paragraph","content":[{"text":"The metadatagen command provides an basis for generator the metadata for your IdP. It does ","type":"text"},{"text":"extremely","type":"text","marks":[{"type":"em"}]},{"text":" limited introspection into the configuration and outputs metadata for the standard end points. This saves time and reduces the risk of cut and paste errors being introduced into your metadata.","type":"text"}]},{"type":"panel","attrs":{"panelType":"error"},"content":[{"type":"paragraph","content":[{"text":"This tools does ","type":"text"},{"text":"not","type":"text","marks":[{"type":"strong"}]},{"text":" output \"ready to use\" metadata and is a preliminary, ","type":"text"},{"text":"NOT","type":"text","marks":[{"type":"strong"}]},{"text":" an alternative, to editing your metadata prior to publishing it.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Plugin Installation","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Starting with IdP 4.2 you can the install the latest plugin version supported on your IdP version with","type":"text"},{"type":"hardBreak"},{"text":".\\plugin.sh -I","type":"text","marks":[{"type":"code"}]},{"text":" net.shibboleth.idp.plugin.metadatagen","type":"text"}]}]},{"type":"table","attrs":{"layout":"default","localId":"ab803176-5a19-470b-a7f8-7a0fbdcd294c"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[90.0]},"content":[{"type":"paragraph","content":[{"text":"Plugin","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[202.0]},"content":[{"type":"paragraph","content":[{"text":"Plugin ID","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Module(s)","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[106.0]},"content":[{"type":"paragraph","content":[{"text":"Latest Version","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[241.0]},"content":[{"type":"paragraph","content":[{"text":"Bug Reporting","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[90.0]},"content":[{"type":"paragraph","content":[{"text":"Metadatagen","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[202.0]},"content":[{"type":"paragraph","content":[{"text":"net.shibboleth.idp.plugin.metadatagen","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadatagen","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[106.0]},"content":[{"type":"paragraph","content":[{"text":"1.0.0: ","type":"text"},{"text":"download","type":"text","marks":[{"type":"link","attrs":{"href":"https://shibboleth.net/downloads/identity-provider/plugins/metadatagen/1.0.0/"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[241.0]},"content":[{"type":"paragraph","content":[{"type":"inlineCard","attrs":{"url":"https://shibboleth.atlassian.net/browse/JMETAGEN"}},{"text":" ","type":"text"}]}]}]}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"include","parameters":{"macroParams":{"":{"value":"PluginInstallation"}},"macroMetadata":{"macroId":{"value":"f526747b-16ed-4d92-9edf-a0eb14cc8841"},"schemaVersion":{"value":"1"},"title":"Include Page"}},"localId":"68f4c621-eaa4-4b87-98ae-e284b7808211"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"The generated metadata is based on an idea of the IdP's configuration sourced from two locations: configuration property files and the command line. Importantly, this tool does ","type":"text"},{"text":"not","type":"text","marks":[{"type":"em"}]},{"text":" consider anything about the ","type":"text"},{"text":"relying party configuration","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631678"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"The property files provide the following information:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The entityID (from ","type":"text"},{"text":"idp.entityID","type":"text","marks":[{"type":"code"}]},{"text":" )","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The scope (from ","type":"text"},{"text":"idp.scope","type":"text","marks":[{"type":"code"}]},{"text":")","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The encryption certificate (from ","type":"text"},{"text":"idp.encryption.cert)","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The signing certificate used for attribute push (from ","type":"text"},{"text":"idp.signing.cert)","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"paragraph","content":[{"text":"The command line is usually used to provide information to do with the web container ","type":"text"},{"text":"(","type":"text","marks":[{"type":"em"}]},{"text":"i.e. Jetty or Tomcat) configuration:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"--DNSName","type":"text","marks":[{"type":"code"}]},{"text":" specifies the DNS name (with a default of idp.example.org)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If present, ","type":"text"},{"text":"--backChannel ","type":"text","marks":[{"type":"code"}]},{"text":" provides the signing certificate use for back channel tasks.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"An additional property file can be used to specify the DNS name an backchannel path, additionally properties can be used to drive MDUI generation. This is described further below.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Command line options","type":"text"}]},{"type":"paragraph","content":[{"text":"With no command line options the tool prints to the screen the Metadata for a SAML2 IdP configured for attribute push only. Further options control adding or removing parts of the metadata","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","localId":"6665b944-3068-46b8-a7ab-5b1d509b2fe2"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"Qualifier","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Function","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"--DNSName name","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Supplies the DNS name used within the URLs specifying the end points","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"--output , -o ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Outputs the metadata to a file","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"--backChannel ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Specifies the path to the certificate protecting the back channel.","type":"text"},{"type":"hardBreak"},{"text":"This is required to emit any SOAP end points (artifact, logout and attribute fetch).","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"+SAML1, +1","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Include metadata for a SAML1 IdP. SAML1 attribute fetch endpoints will be included, regardless of whether ","type":"text"},{"text":"+attributeFetch","type":"text","marks":[{"type":"code"}]},{"text":" is specified","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"-SAML2, -2","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Supress the metadata for a SAML2 IdP","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"+SAMLSP, +SP","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Include metadata for a SAML2 SP (for use in proxying)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"+logout","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Include SAML2 logout endpoints. ","type":"text"},{"type":"hardBreak"},{"text":"If the ","type":"text"},{"text":"--backChannel","type":"text","marks":[{"type":"code"}]},{"text":" option is present the SOAP endpoint is also included","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"+artifact","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Include the artifact resolution endpoints (requires ","type":"text"},{"text":"--backChannel)","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"+attributeFetch","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Include the SAML2 attribute fetch endpoints (requires ","type":"text"},{"text":"--backChannel)","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[261.0]},"content":[{"type":"paragraph","content":[{"text":"--propertyFiles ,...","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1259.0]},"content":[{"type":"paragraph","content":[{"text":"Additional property files.","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"The full set of options can be viewed with the ","type":"text"},{"text":"--help","type":"text","marks":[{"type":"code"}]},{"text":" option.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Advanced use and Property-driven installation","type":"text"}]},{"type":"paragraph","content":[{"text":"The parts of the metadata drawn from the IdP configuration are derived from the IdP configuration property files. Additional properties can be provided (via the ","type":"text"},{"text":"--propertyFiles","type":"text","marks":[{"type":"code"}]},{"text":" qualifier) to describe more about the IdP","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Remember that if ","type":"text"},{"text":"idp.searchForProperties","type":"text","marks":[{"type":"code"}]},{"text":" is set to true all property files under ","type":"text"},{"text":"idp/conf","type":"text","marks":[{"type":"code"}]},{"text":" will be loaded.","type":"text"}]}]},{"type":"table","attrs":{"layout":"full-width","localId":"d15d287a-5ada-4b87-823a-201513142be1"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Property","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.dnsname","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"Supplies the DNS name used within the URLs specifying the end points. ","type":"text"},{"type":"hardBreak"},{"text":"This should not be used in conjunction with the ","type":"text"},{"text":"--DNSName","type":"text","marks":[{"type":"code"}]},{"text":" qualifier .","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.backchannel.cert","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"Specifies the path to the certificate protecting the back channel.","type":"text"},{"type":"hardBreak"},{"text":"This should not be used in conjunction with the ","type":"text"},{"text":"--backChannel","type":"text","marks":[{"type":"code"}]},{"text":" qualifier.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.idpsso.mdui.logo.path","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"Specifies the path part of the URL which describes a logo for the IdP. ","type":"text"},{"type":"hardBreak"},{"text":"The protocol is hard wired to be ","type":"text"},{"text":"https://","type":"text","marks":[{"type":"code"}]},{"text":" and the DNS name is used for the host.","type":"text"}]},{"type":"paragraph","content":[{"text":"The is ","type":"text"},{"text":"always ","type":"text","marks":[{"type":"strong"}]},{"text":" emitted. If this is absent then then a fixed path ('/path/to/logo') is used.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.idpsso.mdui.logo.height","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"The height (in pixels) of the logo. Defaults to 80.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.idpsso.mdui.logo.width","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"The width (in pixels) of the logo. Defaults to 80.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.idpsso.mdui.langs","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"A (space separated) list of languages used to lookup values formed appending each one to the name and description properties described below.","type":"text"}]},{"type":"paragraph","content":[{"text":"If this is absent then an and for the \"en\" language is emitted which you need to edit.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.idpsso.mdui.displayname.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"Display name for the IdP in the specified language.","type":"text"}]},{"type":"paragraph","content":[{"text":"If this is absent for a language specified above then not is emitted for that language","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metadata.idpsso.mdui.description.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1155.0]},"content":[{"type":"paragraph","content":[{"text":"Description for the IdP in the specified language.","type":"text"}]},{"type":"paragraph","content":[{"text":"If this is absent for a language specified above then not is emitted for that language","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Examples","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"Example Command Line","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"metadatagen +saml1 +sp --backChannel /opt/idp/credentials/idp-backchannel.crt --output myMetadata.xml","type":"text"}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":5},"content":[{"text":"Example Property File","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"java"},"content":[{"text":"idp.metadata.dnsname=ushib.example.org\nidp.metadata.backchannel.cert=/opt/idp/credentials/idp-backchannel.crt\n\nidp.metadata.idpsso.mdui.langs=en fr de\n\nidp.metadata.idpsso.mdui.displayname.fr=Université de Shibboleth\nidp.metadata.idpsso.mdui.displayname.en=Shibboleth University\nidp.metadata.idpsso.mdui.displayname.de=Universität Shibboleth\n\nidp.metadata.idpsso.mdui.description.fr=UShib\nidp.metadata.idpsso.mdui.description.de=UShib\nidp.metadata.idpsso.mdui.description.en=UShib\nidp.metadata.idpsso.mdui.logo.height=84\nidp.metadata.idpsso.mdui.logo.width=75\nidp.metadata.idpsso.mdui.logo.path=/the/to/path/logo.png","type":"text"}]},{"type":"paragraph","content":[{"type":"hardBreak"}]}],"version":1}

Browser not supported