resolvertest
This is a test program that can be used to exercise the attribute-processing subsystems and plugins in the SP to process a SAML assertion or a user's identifier.
Successful output consists of a textual summary of the resulting attribute information. Failure results in console-directed log messages and a negative return code.
To process a complete SAML assertion, it must be provided on the stdin stream. Otherwise, the following parameters must be used:
Parameter | Description |
---|---|
-n | a SAML name identifier value |
-f | optional SAML name identifier format |
-i | entityID of an IdP |
-p | a protocolSupportEnumeration value to use in finding the IdP role in metadata |
-saml10 | shortcut for " |
-saml11 | shortcut for " |
-saml2 | shortcut for " |
in either mode (parameterized of from an incoming SAML assertion:
Parameter | Description |
---|---|
-a | optional applicationId to use in applying SP configuration, if other than "default" |
Examples
./resolvertest -n _9f2d9fd62aa99cc43bf483045aeac123 -i https://aai-logon.switch.ch/idp/shibboleth -saml2 -f urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
From which the output might be
uid: haemmerle
affiliation: staff
surname: Hämmerle
givenName: Lukas
homeOrganization: switch.ch
uniqueID: 123456abcde@switch.ch
homeOrganizationType: others
gender: 1
persistent-id: https://aai-idp.switch.ch/idp/shibboleth!https://dieng.switch.ch/shibboleth!FQdaogdLEj0iZZTIfdS3svc52WE=
mail: lukas.haemmerle@switch.ch