.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "IMPORTMETADATA 1p"
.TH IMPORTMETADATA 1p 2024-04-30 "perl v5.38.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
importMetadata \- Script to import SAML federation metadata into LL::NG configuration
.SH SYNOPSIS
.IX Header "SYNOPSIS"
importMetadata \-m [options]
.PP
Options:
.PP
.Vb 11
\&    \-m, \-\-metadata        URL of metadata document
\&    \-i, \-\-idpconfprefix   Prefix used to set IDP configuration key
\&    \-s, \-\-spconfprefix    Prefix used to set SP configuration key
\&    \-\-ignore\-sp           ignore SP matching this entityID (can be specified multiple times)
\&    \-\-ignore\-idp          ignore IdP matching this entityID (can be specified multiple times)
\&    \-a, \-\-nagios          output statistics in Nagios format
\&    \-r, \-\-remove          remove provider from LemonLDAP::NG if it does not appear in metadata
\&    \-n, \-\-dry\-run         print statistics but do not apply changes
\&    \-c, \-\-config\-file     use provided configuration file
\&    \-v, \-\-verbose         increase verbosity of output
\&    \-h, \-\-help            print full documentation
.Ve
.SH OPTIONS
.IX Header "OPTIONS"
.IP "\fB\-m \fR\f(BIURL\fR, \fB\-\-metadata=\fR\f(BIURL\fR\fB\fR" 4
.IX Item "-m URL, --metadata=URL"
Specifies the \fIURL\fR of the metadata document to import
.IP "\fB\-i \fR\f(BIPREFIX\fR, \fB\-\-idpconfprefix=\fR\f(BIPREFIX\fR\fB\fR" 4
.IX Item "-i PREFIX, --idpconfprefix=PREFIX"
Prefix each IDP found in the metadata document with the \fIPREFIX\fR when registering them into LemonLDAP::NG
.IP "\fB\-s \fR\f(BIPREFIX\fR, \fB\-\-spconfprefix=\fR\f(BIPREFIX\fR\fB\fR" 4
.IX Item "-s PREFIX, --spconfprefix=PREFIX"
Prefix each SP found in the metadata document with the \fIPREFIX\fR when registering them into LemonLDAP::NG
.IP \fB\-\-ignore\-sp=\fR\f(BIENTITYID\fR 4
.IX Item "--ignore-sp=ENTITYID"
Ignore the specified Service Provider \fIENTITYID\fR. It will not be added, updated or deleted from LemonLDAP::NG configuration
.IP \fB\-\-ignore\-idp=\fR\f(BIENTITYID\fR 4
.IX Item "--ignore-idp=ENTITYID"
Ignore the specified Identity Provider \fIENTITYID\fR.
It will not be added, updated or deleted from LemonLDAP::NG configuration
.IP "\fB\-a\fR, \fB\-\-nagios\fR" 4
.IX Item "-a, --nagios"
After each run, print statistics about added/modified/deleted items in Nagios format
.IP "\fB\-r\fR, \fB\-\-remove\fR" 4
.IX Item "-r, --remove"
If this option is used, after a successful import, existing SP/IDPs that match the configuration prefix will be removed from LemonLDAP::NG if they were not present in the imported metadata
.IP "\fB\-n\fR, \fB\-\-dry\-run\fR" 4
.IX Item "-n, --dry-run"
This option prevents the modified configuration from being saved. It can be used for testing.
.IP "\fB\-c\fR, \fB\-\-config\-file\fR" 4
.IX Item "-c, --config-file"
Using a configuration file lets you do advanced configuration on a global or per-provider basis. The configuration file is stored in .ini format. Here is an example file
.Sp
.Vb 8
\&    # main script options, these will be overridden by the CLI options
\&    [main]
\&    dry\-run=1
\&    verbose=1
\&    metadata=http://url/to/metadata.xml
\&    ; Multi\-value options
\&    ignore\-idp=entity\-id\-to\-ignore\-1
\&    ignore\-idp=entity\-id\-to\-ignore\-2
\&
\&    # Default exported attributes for IDPs
\&    [exportedAttributes]
\&    cn=0;cn
\&    eduPersonPrincipalName=0;eduPersonPrincipalName
\&    ...
\&
\&    # options that apply to all providers
\&    [ALL]
\&    ; Disable signature requirement on requests
\&    samlSPMetaDataOptionsCheckSSOMessageSignature=0
\&    samlSPMetaDataOptionsCheckSLOMessageSignature=0
\&    ; Store SAML assertions in session
\&    samlIDPMetaDataOptionsStoreSAMLToken=1
\&    ; Mark ePPN as always required
\&    attribute_required_eduPersonPrincipalName=1
\&    ...
\&
\&    # Specific provider configurations
\&    [https://test\-sp.federation.renater.fr]
\&    ; All attributes are optional for this provider
\&    attribute_required=0
\&    ; Override some options
\&    samlSPMetaDataOptionsNameIDFormat=persistent
\&
\&    [https://idp.renater.fr/idp/shibboleth]
\&    ; declare an extra attribute from this provider
\&    exported_attribute_eduPersonAffiliation=1;uid
.Ve
.IP "\fB\-v\fR, \fB\-\-verbose\fR" 4
.IX Item "-v, --verbose"
Increase verbosity during script execution
.IP "\fB\-h\fR, \fB\-\-help\fR" 4
.IX Item "-h, --help"
Displays the script's documentation
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.SH AUTHORS
.IX Header "AUTHORS"
.IP "Clement Oudot, " 4
.IX Item "Clement Oudot, "
.SH "BUG REPORT"
.IX Header "BUG REPORT"
Use the OW2 system to report bugs or ask for features:
.SH DOWNLOAD
.IX Header "DOWNLOAD"
Lemonldap::NG is available at
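
The check below is an added example, not part of the LemonLDAP::NG distribution. It reads a configuration file in the layout shown under -c, --config-file and reports the two settings in that example that weaken trust in imported providers: a metadata URL fetched over plain HTTP and signature checks set to 0. The function names and the sample file are assumptions made for illustration.

```python
# SAMPLE is constructed for illustration; it reuses key names from the page.
SAMPLE = """
[main]
metadata=http://url/to/metadata.xml
ignore-idp=entity-id-to-ignore-1
ignore-idp=entity-id-to-ignore-2

[ALL]
; Disable signature requirement on requests
samlSPMetaDataOptionsCheckSSOMessageSignature=0
samlIDPMetaDataOptionsStoreSAMLToken=1

[https://test-sp.federation.renater.fr]
samlSPMetaDataOptionsCheckSLOMessageSignature=0
"""

# Keys from the page's example; 0 turns the signature requirement off.
SIGNATURE_KEYS = (
    "samlSPMetaDataOptionsCheckSSOMessageSignature",
    "samlSPMetaDataOptionsCheckSLOMessageSignature",
)

def parse_ini(text):
    """Return {section: {key: [values]}}; repeated keys keep every value."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section].setdefault(key.strip(), []).append(value.strip())
    return conf  # lines without "=" are skipped

def audit(conf):
    """Return (section, key, reason) for each setting that weakens trust."""
    findings = []
    for url in conf.get("main", {}).get("metadata", []):
        if not url.lower().startswith("https://"):
            findings.append(("main", "metadata", "metadata fetched without TLS"))
    for section, options in conf.items():
        scope = "all providers" if section == "ALL" else section
        for key in SIGNATURE_KEYS:
            if "0" in options.get(key, []):
                findings.append((section, key, "signature check off for " + scope))
    return findings
```

A finding in the ALL section applies to every imported provider, so it deserves review before one in a single provider section.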