mdquery

This is a tool for exercising the metadata configuration of an SP installation and performing the kinds of queries against the metadata that the SP itself performs during its operation.

Note that it doesn't actually route a request into the SP itself, but rather operates by loading enough of the configuration in its own process space to exercise that code.

Various parameters can be used to specify the query to perform. The output, if successful, is the XML associated with the metadata returned. Failure results in console-directed log messages and a negative return code.

The following general parameters are supported:

| Option | Explanation |
|---|---|
| -e | entityID to look up |
| -a | optional applicationId to use in acquiring metadata from SP configuration, if other than "default" |
| -nostrict | optional, allows expired metadata to be used |

Optionally, additional parameters may be used to drill down to the role level:

| Option | Explanation |
|---|---|
| -r | name of the role element/type to look up |
| -ns | XML namespace of the role element/type to look up (defaults to the SAML 2.0 metadata namespace) |
| -p | a protocolSupportEnumeration value to use in finding the role of interest |
| -saml10 | shortcut for "-p urn:oasis:names:tc:SAML:1.0:protocol" |
| -saml11 | shortcut for "-p urn:oasis:names:tc:SAML:1.1:protocol" |
| -saml2 | shortcut for "-p urn:oasis:names:tc:SAML:2.0:protocol" |
| -idp | shortcut for "-r IDPSSODescriptor" |
| -sp | shortcut for "-r SPSSODescriptor" |
| -aa | shortcut for "-r AttributeAuthorityDescriptor" |
| -pdp | shortcut for "-r PDPDescriptor" |
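
As an added example (not part of the SP distribution), the shell functions below use the return code and the -nostrict option described above to sort entityIDs into those that resolve normally, those that resolve only when expired metadata is allowed, and those that do not resolve at all. The function names and the MDQUERY override variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit which entityIDs the SP's metadata configuration can resolve.
# MDQUERY can be set to a full path (or a stub for testing); this variable is an
# assumption of the sketch, not an mdquery feature.
MDQUERY="${MDQUERY:-mdquery}"

# check_entity ENTITYID [ROLE_OPTION] [PROTOCOL_OPTION]
# Prints one word: valid | expired | missing
check_entity() {
    entity="$1"
    role="${2:--idp}"      # default: look for an IDPSSODescriptor
    proto="${3:--saml2}"   # default: SAML 2.0 protocol support

    # Strict query: mdquery reports failure through its return code,
    # which the shell sees as a non-zero status.
    if "$MDQUERY" -e "$entity" "$role" "$proto" </dev/null >/dev/null 2>&1; then
        echo valid
    # Second attempt allows expired metadata; success here means the entity
    # is present but would be rejected under normal (strict) handling.
    elif "$MDQUERY" -e "$entity" "$role" "$proto" -nostrict </dev/null >/dev/null 2>&1; then
        echo expired
    else
        echo missing
    fi
}

# audit_entities [ROLE_OPTION] [PROTOCOL_OPTION]
# Reads entityIDs from stdin, one per line, and prints "status<TAB>entityID".
# Returns 1 if any entity is not "valid", so it can gate a deployment or cron alert.
audit_entities() {
    rc=0
    while IFS= read -r id; do
        [ -n "$id" ] || continue          # skip blank lines
        status=$(check_entity "$id" "$@")
        printf '%s\t%s\n' "$status" "$id"
        [ "$status" = valid ] || rc=1
    done
    return "$rc"
}
```

Typical use is `audit_entities < entityids.txt`, or `audit_entities -sp -saml2 < entityids.txt` to check a different role.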