.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "IMPORTMETADATA 1p"
.TH IMPORTMETADATA 1p "2023-05-13" "perl v5.32.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
importMetadata \- Script to import SAML federation metadata into LL::NG configuration
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
importMetadata \-m [options]
.PP
Options:
.PP
.Vb 11
\&    \-m, \-\-metadata       URL of metadata document
\&    \-i, \-\-idpconfprefix  Prefix used to set IDP configuration key
\&    \-s, \-\-spconfprefix   Prefix used to set SP configuration key
\&    \-\-ignore\-sp          ignore SP matching this entityID (can be specified multiple times)
\&    \-\-ignore\-idp         ignore IdP matching this entityID (can be specified multiple times)
\&    \-a, \-\-nagios         output statistics in Nagios format
\&    \-r, \-\-remove         remove provider from LemonLDAP::NG if it does not appear in metadata
\&    \-n, \-\-dry\-run        print statistics but do not apply changes
\&    \-c, \-\-config\-file    use provided configuration file
\&    \-v, \-\-verbose        increase verbosity of output
\&    \-h, \-\-help           print full documentation
.Ve
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-m \f(BI\s-1URL\s0\fB\fR, \fB\-\-metadata=\f(BI\s-1URL\s0\fB\fR" 4
.IX Item "-m URL, --metadata=URL"
Specifies the <\s-1URL\s0> of the metadata document to import
.IP "\fB\-i \f(BI\s-1PREFIX\s0\fB\fR, \fB\-\-idpconfprefix=\f(BI\s-1PREFIX\s0\fB\fR" 4
.IX Item "-i PREFIX, --idpconfprefix=PREFIX"
Prefix each \s-1IDP\s0 found in the metadata document with the <\s-1PREFIX\s0> when
registering them into LemonLDAP::NG
.IP "\fB\-s \f(BI\s-1PREFIX\s0\fB\fR, \fB\-\-spconfprefix=\f(BI\s-1PREFIX\s0\fB\fR" 4
.IX Item "-s PREFIX, --spconfprefix=PREFIX"
Prefix each \s-1SP\s0 found in the metadata document with the <\s-1PREFIX\s0> when
registering them into LemonLDAP::NG
.IP "\fB\-\-ignore\-sp=\f(BI\s-1ENTITYID\s0\fB\fR" 4
.IX Item "--ignore-sp=ENTITYID"
Ignore the specified Service Provider <\s-1ENTITYID\s0>. It will not be added,
updated or deleted from LemonLDAP::NG configuration
.IP "\fB\-\-ignore\-idp=\f(BI\s-1ENTITYID\s0\fB\fR" 4
.IX Item "--ignore-idp=ENTITYID"
Ignore the specified Identity Provider <\s-1ENTITYID\s0>. It will not be added,
updated or deleted from LemonLDAP::NG configuration
.IP "\fB\-a\fR, \fB\-\-nagios\fR" 4
.IX Item "-a, --nagios"
After each run, print statistics about added/modified/deleted items in Nagios
format
.IP "\fB\-r\fR, \fB\-\-remove\fR" 4
.IX Item "-r, --remove"
If this option is used, after a successful import, existing SP/IDPs that match
the configuration prefix will be removed from LemonLDAP::NG if they were not
present in the imported metadata
.IP "\fB\-n\fR, \fB\-\-dry\-run\fR" 4
.IX Item "-n, --dry-run"
This option prevents the modified configuration from being saved. It can be
used for testing.
.IP "\fB\-c\fR, \fB\-\-config\-file\fR" 4
.IX Item "-c, --config-file"
Using a configuration file lets you do advanced configuration on a global or
per-provider basis. The configuration file is stored in .ini format. Here is
an example file:
.Sp
.Vb 8
\&    # main script options, these will be overridden by the CLI options
\&    [main]
\&    dry\-run=1
\&    verbose=1
\&    metadata=http://url/to/metadata.xml
\&    ; Multi\-value options
\&    ignore\-idp=entity\-id\-to\-ignore\-1
\&    ignore\-idp=entity\-id\-to\-ignore\-2
\&
\&    # Default exported attributes for IDPs
\&    [exportedAttributes]
\&    cn=0;cn
\&    eduPersonPrincipalName=0;eduPersonPrincipalName
\&    ...
\&
\&    # options that apply to all providers
\&    [ALL]
\&    ; Disable signature requirement on requests
\&    samlSPMetaDataOptionsCheckSSOMessageSignature=0
\&    samlSPMetaDataOptionsCheckSLOMessageSignature=0
\&    ; Store SAML assertions in session
\&    samlIDPMetaDataOptionsStoreSAMLToken=1
\&    ; Mark ePPN as always required
\&    attribute_required_eduPersonPrincipalName=1
\&    ...
\&
\&    # Specific provider configurations
\&    [https://test\-sp.federation.renater.fr]
\&    ; All attributes are optional for this provider
\&    attribute_required=0
\&    ; Override some options
\&    samlSPMetaDataOptionsNameIDFormat=persistent
\&
\&    [https://idp.renater.fr/idp/shibboleth]
\&    ; declare an extra attribute from this provider
\&    exported_attribute_eduPersonAffiliation=1;uid
.Ve
.IP "\fB\-v\fR, \fB\-\-verbose\fR" 4
.IX Item "-v, --verbose"
Increase verbosity during script execution
.IP "\fB\-h\fR, \fB\-\-help\fR" 4
.IX Item "-h, --help"
Displays the script's documentation
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.SH "AUTHORS"
.IX Header "AUTHORS"
.IP "Clement Oudot, " 4
.IX Item "Clement Oudot, "
.SH "BUG REPORT"
.IX Header "BUG REPORT"
Use the \s-1OW2\s0 system to report bugs or ask for features:
.SH "DOWNLOAD"
.IX Header "DOWNLOAD"
Lemonldap::NG is available at
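.PP
The configuration file layout described under \-c above, as an added example (not part of LemonLDAP::NG or of this manual page): a Python check that resolves each provider's effective options, with a provider section overriding [ALL], and reports disabled signature checks and a metadata URL that is not HTTPS. The provider https://sp.example.org is constructed, and treating the last repeated key as the effective value is an assumption.

```python
# Added example; SAMPLE is constructed (https://sp.example.org is made up).
SAMPLE = """
[main]
metadata=http://url/to/metadata.xml
ignore-idp=entity-id-to-ignore-1
ignore-idp=entity-id-to-ignore-2
[ALL]
; Disable signature requirement on requests
samlSPMetaDataOptionsCheckSSOMessageSignature=0
samlSPMetaDataOptionsCheckSLOMessageSignature=0
[https://test-sp.federation.renater.fr]
samlSPMetaDataOptionsNameIDFormat=persistent
[https://sp.example.org]
samlSPMetaDataOptionsCheckSSOMessageSignature=1
"""
SIG_KEYS = ("samlSPMetaDataOptionsCheckSSOMessageSignature",
            "samlSPMetaDataOptionsCheckSLOMessageSignature")

def parse_ini(text):
    """Return {section: {key: [values]}}; repeated keys accumulate."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return sections

def audit(text):
    """Return sorted (scope, finding) tuples for settings worth reviewing."""
    cfg, findings = parse_ini(text), []
    for url in cfg.get("main", {}).get("metadata", []):
        if not url.lower().startswith("https://"):
            findings.append(("main", "metadata fetched without TLS: " + url))
    defaults = cfg.get("ALL", {})
    for scope, opts in cfg.items():
        if scope in ("main", "exportedAttributes"):
            continue
        for key in SIG_KEYS:
            # Provider section overrides [ALL]; assume the last value wins.
            value = (opts.get(key) or defaults.get(key) or ["unset"])[-1]
            if value == "0":
                findings.append((scope, key + " disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(scope + ": " + finding)
```

Running it against a real file before an import without \-n shows which providers would end up accepting unsigned SSO or SLO messages through inheritance from [ALL].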