The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.


This is a tool for exercising the metadata configuration of an SP installation and performing the kinds of queries against the metadata that the SP itself performs during its operation.

Various parameters can be used to specify the query to perform. The output, if successful, is the XML associated with the metadata returned. Failure results in console-directed log messages and a negative return code.

The following general parameters are supported:


entityID to lookup


optional applicationId to use in acquiring metadata from SP configuration, if other than "default"


optional, allows expired metadata to be used

Optionally, additional parameters may be used to drill down to the role level:


name of the role element/type to lookup


XML namespace of the role element/type to lookup (defaults to the SAML 2.0 metadata namespace)


a protocolSupportEnumeration value to use in finding the signer's role


shortcut for "-p urn:oasis:names:tc:SAML:1.0:protocol"


shortcut for "-p urn:oasis:names:tc:SAML:1.1:protocol"


shortcut for "-p urn:oasis:names:tc:SAML:2.0:protocol"


shortcut for "-r IDPSSODescriptor"


shortcut for "-r SPSSODescriptor"


shortcut for "-r AttributeAuthorityDescriptor"


shortcut for "-r PDPDescriptor"