IMPORTMETADATA(1p) User Contributed Perl Documentation IMPORTMETADATA(1p)

NAME

importMetadata - Script to import SAML federation metadata into LL::NG configuration

SYNOPSIS

importMetadata -m <metadata URL> [options]

Options:

    -m, --metadata          URL of metadata document
    -i, --idpconfprefix     Prefix used to set IDP configuration key
    -s, --spconfprefix      Prefix used to set SP configuration key
    --ignore-sp             ignore SP matching this entityID (can be specified multiple times)
    --ignore-idp            ignore IdP matching this entityID (can be specified multiple times)
    -a, --nagios            output statistics in Nagios format
    -r, --remove            remove provider from LemonLDAP::NG if it does not appear in metadata
    -n, --dry-run           print statistics but do not apply changes
    -c, --config-file       use provided configuration file
    -v, --verbose           increase verbosity of output
    -h, --help              print full documentation

OPTIONS

-m, --metadata
Specifies the <URL> of the metadata document to import.

-i, --idpconfprefix
Prefix each IDP found in the metadata document with the <PREFIX> when registering them into LemonLDAP::NG.

-s, --spconfprefix
Prefix each SP found in the metadata document with the <PREFIX> when registering them into LemonLDAP::NG.

--ignore-sp
Ignore the specified Service Provider <ENTITYID>. It will not be added, updated or deleted from the LemonLDAP::NG configuration.

--ignore-idp
Ignore the specified Identity Provider <ENTITYID>. It will not be added, updated or deleted from the LemonLDAP::NG configuration.

-a, --nagios
After each run, print statistics about added/modified/deleted items in Nagios format.

-r, --remove
If this option is used, after a successful import, existing SP/IDPs that match the configuration prefix will be removed from LemonLDAP::NG if they were not present in the imported metadata.

-n, --dry-run
This option prevents the modified configuration from being saved. It can be used for testing.

-c, --config-file
Using a configuration file lets you do advanced configuration on a global or per-provider basis. The configuration file is stored in .ini format. Here is an example file:

    # main script options, these will be overridden by the CLI options
    [main]
    dry-run=1
    verbose=1
    metadata=http://url/to/metadata.xml
    ; Multi-value options
    ignore-idp=entity-id-to-ignore-1
    ignore-idp=entity-id-to-ignore-2
    # Default exported attributes for IDPs
    [exportedAttributes]
    cn=0;cn
    eduPersonPrincipalName=0;eduPersonPrincipalName
    ...
    # options that apply to all providers
    [ALL]
    ; Disable signature requirement on requests
    samlSPMetaDataOptionsCheckSSOMessageSignature=0
    samlSPMetaDataOptionsCheckSLOMessageSignature=0
    ; Store SAML assertions in session
    samlIDPMetaDataOptionsStoreSAMLToken=1
    ; Mark ePPN as always required
    attribute_required_eduPersonPrincipalName=1
    ...
    # Specific provider configurations
    [https://test-sp.federation.renater.fr]
    ; All attributes are optional for this provider
    attribute_required=0
    ; Override some options
    samlSPMetaDataOptionsNameIDFormat=persistent
    [https://idp.renater.fr/idp/shibboleth]
    ; declare an extra attribute from this provider
    exported_attribute_eduPersonAffiliation=1;uid
    
-v, --verbose
Increase verbosity during script execution.

-h, --help
Displays the script's documentation.
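
As an added example (not part of the LemonLDAP::NG distribution), the following Python code parses the configuration file format shown under -c, --config-file, including repeated multi-value keys, and reports a metadata URL that is not https and signature checks left disabled once [ALL] and per-provider sections are combined. The function names, the key pattern, and the rule that a provider section overrides [ALL] are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the file format shown above (not a real deployment).
SAMPLE = """\
[main]
dry-run=1
metadata=http://url/to/metadata.xml
; Multi-value options
ignore-idp=entity-id-to-ignore-1
ignore-idp=entity-id-to-ignore-2
[ALL]
samlSPMetaDataOptionsCheckSSOMessageSignature=0
samlSPMetaDataOptionsCheckSLOMessageSignature=0
[https://test-sp.federation.renater.fr]
samlSPMetaDataOptionsCheckSSOMessageSignature=1
"""
# Assumption: any "Check...Signature" option set to 0 relaxes verification.
SIG_KEY = re.compile(r"^saml(SP|IDP)MetaDataOptionsCheck\w*Signature$")
RESERVED = {"main", "exportedAttributes", "ALL"}  # non-provider sections

def parse_ini(text):
    """Parse sections; a repeated key accumulates into a list of values."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line == "...":
            continue  # blank line, comment, or elision marker
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return sections

def audit(text):
    """Return (scope, finding) pairs for settings that weaken trust."""
    cfg, findings = parse_ini(text), []
    for url in cfg.get("main", {}).get("metadata", []):
        if urlparse(url).scheme != "https":
            findings.append(("main", f"metadata fetched without TLS: {url}"))
    for scope in ["ALL"] + [s for s in cfg if s not in RESERVED]:
        # Assumed layering: a provider section overrides [ALL]; last value wins.
        effective = {**cfg.get("ALL", {}), **cfg.get(scope, {})}
        for key, values in effective.items():
            if SIG_KEY.match(key) and values[-1] == "0":
                findings.append((scope, f"{key} disabled"))
    return findings
```

Pass the text of a configuration file to audit() before a run with --dry-run removed; each returned pair names the section where the relaxed setting takes effect.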

SEE ALSO

<http://lemonldap-ng.org/>

AUTHORS

BUG REPORT

Use OW2 system to report bug or ask for features: <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

DOWNLOAD

Lemonldap::NG is available at <https://lemonldap-ng.org/download>

2023-05-13 perl v5.32.1