1IMPORTMETADATA(1) User Contributed Perl Documentation IMPORTMETADATA(1)
2
3
4
6 importMetadata - Script to import SAML federation metadata into LL::NG
7 configuration
8
10 importMetadata -m <metadata URL> [options]
11
12 Options:
13
14 -m, --metadata URL of metadata document
15 -i, --idpconfprefix Prefix used to set IDP configuration key
16 -s, --spconfprefix Prefix used to set SP configuration key
17 --ignore-sp ignore SP matching this entityID (can be specified multiple times)
18 --ignore-idp ignore IdP matching this entityID (can be specified multiple times)
19 -a, --nagios output statistics in Nagios format
20 -r, --remove remove provider from LemonLDAP::NG if it does not appear in metadata
21 -n, --dry-run print statistics but do not apply changes
22 -c, --config-file use provided configuration file
23 -v, --verbose increase verbosity of output
24 -h, --help print full documentation
25
27 -m URL, --metadata=URL
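28 Specifies the <URL> of the metadata document to import. The imported document determines which providers are registered in LemonLDAP::NG, so fetch it over https:// from the federation operator; this page does not describe any signature verification of the downloaded document, so confirm how it is authenticated before relying on it.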
29
30 -i PREFIX, --idpconfprefix=PREFIX
31 Prefix each IDP found in the metadata document with the <PREFIX> when
32 registering them into LemonLDAP::NG
33
34 -s PREFIX, --spconfprefix=PREFIX
35 Prefix each SP found in the metadata document with the <PREFIX> when
36 registering them into LemonLDAP::NG
37
38 --ignore-sp=ENTITYID
39 Ignore the specified Service Provider <ENTITYID>. It will not be
40 added, updated or deleted from LemonLDAP::NG configuration
41
42 --ignore-idp=ENTITYID
43 Ignore the specified Identity Provider <ENTITYID>. It will not be
44 added, updated or deleted from LemonLDAP::NG configuration
45
46 -a, --nagios
47 After each run, print statistics about added/modified/deleted items
48 in Nagios format
49
50 -r, --remove
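51 If this option is used, after a successful import, existing SP/IDPs
52 that match the configuration prefix will be removed from
53 LemonLDAP::NG if they were not present in the imported metadata. An incomplete or wrong metadata document therefore deletes providers; preview the result with --dry-run before applying it.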
54
55 -n, --dry-run
56 This option prevents the modified configuration from being saved.
57 It can be used for testing.
58
59 -c, --config-file
60 Using a configuration file lets you do advanced configuration on a
61 global or per-provider basis. The configuration file is stored in
62 .ini format. Here is an example file:
63
64 # main script options, these will be overridden by the CLI options
65 [main]
66 dry-run=1
67 verbose=1
68 metadata=http://url/to/metadata.xml
69 ; Multi-value options
70 ignore-idp=entity-id-to-ignore-1
71 ignore-idp=entity-id-to-ignore-2
72
73 # Default exported attributes for IDPs
74 [exportedAttributes]
75 cn=0;cn
76 eduPersonPrincipalName=0;eduPersonPrincipalName
77 ...
78
79 # options that apply to all providers
80 [ALL]
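81 ; Disable signature requirement on requests. In [ALL] this applies to every provider, so unsigned SSO and SLO requests are accepted from all of them; scope it to a per-provider section where possible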
82 samlSPMetaDataOptionsCheckSSOMessageSignature=0
83 samlSPMetaDataOptionsCheckSLOMessageSignature=0
84 ; Store SAML assertions in session
85 samlIDPMetaDataOptionsStoreSAMLToken=1
86 ; Mark ePPN as always required
87 attribute_required_eduPersonPrincipalName=1
88 ...
89
90 # Specific provider configurations
91 [https://test-sp.federation.renater.fr]
92 ; All attributes are optional for this provider
93 attribute_required=0
94 ; Override some options
95 samlSPMetaDataOptionsNameIDFormat=persistent
96
97 [https://idp.renater.fr/idp/shibboleth]
98 ; declare an extra attribute from this provider
99 exported_attribute_eduPersonAffiliation=1;uid
100
101 -v, --verbose
102 Increase verbosity during script execution
103
104 -h, --help
105 Displays the script's documentation
106
108 <http://lemonldap-ng.org/>
109
111 Clement Oudot, <clement@oodo.net>
112
114 Use the OW2 system to report bugs or ask for features:
115 <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
116
118 Lemonldap::NG is available at <https://lemonldap-ng.org/download>
119
120
121
122perl v5.36.1 2023-11-14 IMPORTMETADATA(1)