Page tree

The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Attribute Authority, Command Line Interface

The Shibboleth Attribute Authority is the system that collects attributes, processes them, and then filters the information according to filter policies, SAML metadata information, and attribute query information. The attributes then encoded into SAML attribute statements which may be sent to a relying party. This command line interface allows deployers to exercise their configurations and view the information that would likely be sent back to the relying party. As it is not possible to specify every piece of information that goes into the attribute authority in a running system the results are only an approximation of what would really be returned.

Running the Command

The Attribute Authority, Command Line Interface (aacli) is located in the IDP_HOME/bin directory and is called aacli.sh on Unix systems and aacli.bat on Windows systems and may take the following information:

Parameter

Required / Optional

Use

--configDir

Required

Directory containing the configuration information for the system

--principal

Required

Principal name (user id) of the person to retrieve the attributes about

--requester

Optional

The SAML entity ID that is requesting the attributes

--issuer

Optional

The SAML entity ID of the producer/issuer of the attributes

--authnMethod

Optional

The authentication method URI that the principal was authenticated with

--saml1

Optional

A no-value argument that indicates the resulting attributes should be SAML 1 formated instead of SAML 2

--help

Optional

Displays the help message for the tool

  • No labels