Command Options for smfedexport

The smfedexport command line options are listed in the table that follows:

| Option | Description | Values |
|---|---|---|
| -acs | Assertion Consumer Service URL | URL |
| -acsindex | Assertion Consumer Service index value | integer |
| -acsisdef | Makes the immediately preceding Assertion Consumer Service the default. | none |
| -acsbinding | SAML protocol binding for the Assertion Consumer Service. | ART (for artifact), POST (for POST), PAOS (for Reverse SOAP - ECP) |
| -ars | Artifact Resolution Service | URL |
| -entityid | Represents the ID of the SP or IDP whose metadata you are exporting | URI |
| -expiredays | Days until the metadata document is no longer valid | integer, 0 is the default. A value of 0 indicates that the metadata document has no expiration and results in no "validUntil" elements being generated in the exported XML |
| -fwsurl | URL pointing to the FWS application. | URL in the form http://host:port |
| -input | Full path to an existing XML file | string, no default |
| -output | Full path to an output XML file | Default values: IDPSSODescriptor.xml, SPSSODescriptor.xml |
| -password | SiteMinder Administrator name. Requires the -username option | string, no default |
| -pubkey | Tells the Policy Server to include the certificate (public key) in the metadata. The partner site uses the public key for signature encryption and verification. This setting is optional because the metadata must not be signed. | true, if present; false otherwise |
| -reqsignauthr | Require signed AuthnRequests | true, if present; false otherwise |
| -schemebase | Points to an existing Service Provider. The settings for the profiles/bindings are taken from this provider. Requires the following options: -fwsurl, -username, -password | authentication scheme name |
| -spbase | Points to an existing Service Provider. The settings for the profiles/bindings are taken from this provider. Requires the following options: -fwsurl, -username, -password | Service Provider Name |
| -sign | Indicates whether the Policy Server signs the metadata. This setting is optional. | true, if present; false, otherwise |
| -sigalg | Designates the signature hashing algorithm SOA Security Manager uses for signing assertions and assertion responses, single logout requests and responses | rsawithsha1, rsawithsha256 |
| -signauthr | Indicates whether the SP signs AuthnRequests | true, if present; false, otherwise |
| -signingcertalias | Specifies the alias associated with the key/certificate pair that signs the metadata. The pair must be stored in the smkeydatabase. This setting is an alternative to the default alias, defaultenterpriseprivatekey. If you do not enter a value for this option, the Policy Server uses the defaultenterpriseprivatekey alias to sign the metadata. | alias name |
| -slo | Single Logout Service URL | URL |
| -slobinding | HTTP binding used for single logout. HTTP Redirect binding is the only option. | |
| -sso | Single sign-on service URL | URL |
| -ssobinding | SSO Service URL protocol binding | REDIR (for web SSO), SOAP (for ECP) |
| -type | (Required) Entity type of the export file | saml2idp, saml2sp |
| -username | The SOA Security Manager Administrator name, which requires the -password option. | string, no default |
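
Several of these options (-expiredays, -sign, -pubkey, -signauthr, -reqsignauthr and the endpoint URLs) decide how much a partner can trust the exported file. The following Python check is an added example, not part of the product or its documentation: it reads an exported descriptor and flags weak results. The mapping from options to standard SAML 2.0 metadata attributes is an assumption about what the tool emits, and the sample document and its host name are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SHA1_SIG = DS + "rsa-sha1"

# Constructed sample: what an unsigned SP export with no expiry could look like.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="sp.example.test">
  <SPSSODescriptor AuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def audit_metadata(xml_text):
    """Return findings for one EntityDescriptor (presence checks only;
    this does not verify the signature or compare validUntil to the clock)."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("validUntil") is None:
        findings.append("no validUntil (-expiredays 0 or omitted)")
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        findings.append("metadata is unsigned (-sign not used)")
    else:
        method = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}SignatureMethod")
        if method is not None and method.get("Algorithm") == SHA1_SIG:
            findings.append("metadata signature uses RSA-SHA1")
    # Assumed mapping: -signauthr -> AuthnRequestsSigned (SP),
    # -reqsignauthr -> WantAuthnRequestsSigned (IdP), -pubkey -> KeyDescriptor.
    for role, attr in (("SPSSODescriptor", "AuthnRequestsSigned"),
                       ("IDPSSODescriptor", "WantAuthnRequestsSigned")):
        for desc in root.iter(f"{{{MD}}}{role}"):
            if desc.get(attr, "false") != "true":
                findings.append(f"{role}: {attr} is not true")
            if desc.find(f"{{{MD}}}KeyDescriptor") is None:
                findings.append(f"{role}: no KeyDescriptor (-pubkey not used)")
            for endpoint in desc:
                loc = endpoint.get("Location")
                if loc and not loc.lower().startswith("https://"):
                    name = endpoint.tag.split("}")[1]
                    findings.append(f"{name}: non-HTTPS Location {loc}")
    return findings

if __name__ == "__main__":
    for finding in audit_metadata(SAMPLE):
        print("WARN", finding)
```

Run it against the file written by -output before sending the file to a partner; metadata received from a partner should be parsed with a hardened XML parser instead.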