resolvertest

This is a test program that can be used to exercise the attribute-processing subsystems and plugins in the SP to process a SAML assertion or a user's identifier.

Successful output consists of a textual summary of the resulting attribute information. Failure results in console-directed log messages and a negative return code.

To process a complete SAML assertion, it must be provided on the stdin stream. Otherwise, the following parameters must be used:

Parameter

Description

Parameter

Description

-n

a SAML name identifier value

-f

optional SAML name identifier format

-i

entityID of an IdP

-p

a protocolSupportEnumeration value to use in finding the IdP role in metadata

-saml10

shortcut for "-p urn:oasis:names:tc:SAML:1.0:protocol"

-saml11

shortcut for "-p urn:oasis:names:tc:SAML:1.1:protocol"

-saml2

shortcut for "-p urn:oasis:names:tc:SAML:2.0:protocol"

in either mode (parameterized of from an incoming SAML assertion:

Parameter

Description

Parameter

Description

-a

optional applicationId to use in applying SP configuration, if other than "default"

Examples

./resolvertest -n _9f2d9fd62aa99cc43bf483045aeac123 -i https://aai-logon.switch.ch/idp/shibboleth -saml2 -f urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

From which the output might be

uid: haemmerle affiliation: staff surname: Hämmerle givenName: Lukas homeOrganization: switch.ch uniqueID: 123456abcde@switch.ch homeOrganizationType: others gender: 1 persistent-id: https://aai-idp.switch.ch/idp/shibboleth!https://dieng.switch.ch/shibboleth!FQdaogdLEj0iZZTIfdS3svc52WE= mail: lukas.haemmerle@switch.ch