Federation Security Services GuideUse SAML 2.0 Provider Metadata To Simplify ConfigurationExport Metadata Tool › Command Options for smfedexport

Previous Topic: Run the smfedexport Tool

Next Topic: smfedexport Tool Examples

Command Options for smfedexport

The smfedexport command-line options are listed in the table that follows:

Option

Description

Values

-acs

Assertion Consumer Service URL

URL

-acsindex

Assertion Consumer Service index value

integer

-acsisdef

Makes the immediately preceding Assertion Consumer Service the default.

none

-acsbinding

SAML protocol binding for the Assertion Consumer Service.

 
  • ART (for artifact)
  • POST (for POST)
  • PAOS (for Reverse SOAP - ECP)

-ars

Artifact Resolution Service

URL

-entityid

Represents the ID of the SP or IDP whose metadata you are exporting

URI

 

-expiredays

Days until the metadata document is no longer valid

integer, 0 is the default

A value of 0 indicates that the metadata document has no expiration and results in no "validUntil" elements being generated in the exported XML

-fwsurl

URL pointing to the FWS application.

URL in the form

http://host:port

-input

Full path to an existing XML file

string, no default

-output

Full path to an output XML file

Default values:

IDPSSODescriptor.xml

SPSSODescriptor.xml

-password

SiteMinder Administrator name

Requires the -username option

string, no default

-pubkey

Specifies that a public key certificate should be included in the metadata. This key will be used by the partner site for signature encryption and verification.

true, if present

false otherwise

-reqsignauthr

Require signed AuthnRequests

true, if present

false otherwise

-schemebase

Points to an existing Service Provider. The settings for the profiles/bindings are taken from this provider.

Requires the following options:

-fwsurl

-username

-password

authentication scheme name

-spbase

Points to an existing Service Provider. The settings for the profiles/bindings are taken from this provider.

Requires the following options:

-fwsurl

-username

-password

Service Provider Name

-sign

Indicates whether or not the metadata be signed

true, if present

false, otherwise

-signauthr

Indicates whether the SP sign its AuthnRequests

true, if present

false, otherwise

-slo

Single Logout Service URL

URL

-slobinding

HTTP binding used for single logout. HTTP Redirect binding is the only option.

 

-sso

Single Sign On Service URL

URL

-ssobinding

SSO Service URL protocol binding
  • REDIR (for Web SSO)
  • SOAP (for ECP)

-type

(Required)

Entity type of the export file.

saml2idp

sam2sp

-username

SiteMinder Administrator name

Requires the -password option

string, no default

Copyright © 2010 CA. All rights reserved. Email CA about this topic