mdquery
- Rod Widdowson
- Scott Cantor
This is a tool for exercising the metadata configuration of an SP installation and performing the kinds of queries against the metadata that the SP itself performs during its operation.
Note that it doesn't actually route a request into the SP itself, but rather operates by loading enough of the configuration in its own process space to exercise that code.
Various parameters can be used to specify the query to perform. The output, if successful, is the XML associated with the metadata returned. Failure results in console-directed log messages and a negative return code.
The following general parameters are supported:
Option | Explanation |
|---|---|
-e | entityID to lookup |
-a | optional applicationId to use in acquiring metadata from SP configuration, if other than "default" |
-nostrict | optional, allows expired metadata to be used |
Optionally, additional parameters may be used to drill down to the role level | |
-r | name of the role element/type to lookup |
-ns | XML namespace of the role element/type to lookup (defaults to the SAML 2.0 metadata namespace) |
-p | a protocolSupportEnumeration value to use in finding the role of interest |
-saml10 | shortcut for "-p urn:oasis:names:tc:SAML:1.0:protocol" |
-saml11 | shortcut for "-p urn:oasis:names:tc:SAML:1.1:protocol" |
-saml2 | shortcut for "-p urn:oasis:names:tc:SAML:2.0:protocol" |
-idp | shortcut for "-r IDPSSODescriptor" |
-sp | shortcut for "-r SPSSODescriptor" |
-aa | shortcut for "-r AttributeAuthorityDescriptor" |
-pdp | shortcut for "-r PDPDescriptor" |