NativeSPmdquery
This is a tool for exercising the metadata configuration of an SP installation and performing the kinds of queries against the metadata that the SP itself performs during its operation.
Various parameters can be used to specify the query to perform. The output, if successful, is the XML associated with the metadata returned. Failure results in console-directed log messages and a negative return code.
The following general parameters are supported:
-e |
entityID to lookup |
-a |
optional applicationId to use in acquiring metadata from SP configuration, if other than "default" |
-nostrict |
optional, allows expired metadata to be used |
Optionally, additional parameters may be used to drill down to the role level:
-r |
name of the role element/type to lookup |
-ns |
XML namespace of the role element/type to lookup (defaults to the SAML 2.0 metadata namespace) |
-p |
a protocolSupportEnumeration value to use in finding the signer's role |
-saml10 |
shortcut for "-p urn:oasis:names:tc:SAML:1.0:protocol" |
-saml11 |
shortcut for "-p urn:oasis:names:tc:SAML:1.1:protocol" |
-saml2 |
shortcut for "-p urn:oasis:names:tc:SAML:2.0:protocol" |
-idp |
shortcut for "-r IDPSSODescriptor" |
-sp |
shortcut for "-r SPSSODescriptor" |
-aa |
shortcut for "-r AttributeAuthorityDescriptor" |
-pdp |
shortcut for "-r PDPDescriptor" |