Run the smfedexport Tool

The smfedexport tool lets you export SAML 2.0 metadata to an XML file.

If you enter smfedexport without any command arguments, all the command arguments and their usage are displayed.

To run the smfedexport tool

  1. On the machine where you installed the Policy Server, open a command window.
  2. Enter the smfedexport command using the syntax associated with the task you want to complete:

    Note: Command arguments enclosed in square brackets [] are optional.

    To export a SAML 2.0 Identity Provider metadata file:

    smfedexport -type saml2idp [-entityid <entityid>] [-expiredays <num>] 
    [-fwsurl <FWS Location> [-spbase <spname>] -username <SiteMinder Admin Name>
    -password <SiteMinder Admin Password>]][-sign][-pubkey]
    [-slo <SLO Service Location> -slobinding <REDIR>] [-reqsignauthr] 
    [-sso <SSO Service Location> -ssobinding <REDIR|SOAP>]
    [-ars <Artifact Resolution Service Location>][-output <file>]
    

    To export a SAML 2.0 Service Provider metadata file:

    smfedexport -type saml2sp [-entityid <entityid>] [-expiredays <num>] 
    [-fwsurl <FWS Location> [-schemebase <Auth Scheme name>
    -username <SiteMinder Admin Name> -password <SiteMinder Admin Password>]]
    [-sign][-pubkey][-slo <SLO Service Location> -slobinding <REDIR>]
    [-signauthr][-acs <Assertion Consumer Service> -acsbinding <ART|POST|PAOS>
    -acsindex <num>][-acsisdef]][-output <file>]
    

    To sign an existing Metadata document:

    smfedexport -type (saml2sp|saml2idp) -sign -input <file> -output <file>
    

After you run one of these commands, the tool produces an XML file. If the -type option is set to saml2idp, the default output file name is IDPSSODescriptor.xml. If the -type option is set to saml2sp, the default output file name is SPSSODescriptor.xml.

After smfedexport processes the initial command options, the tool prompts you for additional data based on the type of export file being generated. Any optional arguments not entered on the command line have defined default values.

Note: If you are creating an IdP metadata file, you must have at least one Single Sign-on Service defined in the smfedexport command. If you are creating an SP metadata file, you must have at least one Assertion Consumer Service defined in the smfedexport command.
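The following Python check is an added example, not part of the CA documentation or the smfedexport tool. It inspects an exported metadata file for the endpoint the note above requires, and reports whether a public key and a signature are present. It assumes the file follows the standard SAML 2.0 metadata schema; the sample documents and the check_metadata name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Role descriptor -> endpoint element that must appear at least once.
REQUIRED = {
    "IDPSSODescriptor": "SingleSignOnService",
    "SPSSODescriptor": "AssertionConsumerService",
}

def check_metadata(xml_text):
    """Return a list of findings for one exported metadata document."""
    root = ET.fromstring(xml_text)
    # iter() also matches the root, so either root element layout works.
    roles = [(name, el) for name in REQUIRED
             for el in root.iter(f"{{{MD}}}{name}")]
    if not roles:
        return ["no IDPSSODescriptor or SPSSODescriptor found"]
    findings = []
    for name, role in roles:
        if not role.findall(f"{{{MD}}}{REQUIRED[name]}"):
            findings.append(f"{name}: no {REQUIRED[name]} defined")
        if role.find(f"{{{MD}}}KeyDescriptor") is None:
            findings.append(f"{name}: no KeyDescriptor (public key not included)")
    if root.find(f".//{{{DS}}}Signature") is None:
        findings.append("document is not signed")
    return findings

# Constructed sample: unsigned IdP metadata with one SSO service and no key.
SAMPLE_IDP = f"""<EntityDescriptor xmlns="{MD}" entityID="idp.example.test">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample: SP metadata with no Assertion Consumer Service.
SAMPLE_SP = f"""<EntityDescriptor xmlns="{MD}" entityID="sp.example.test">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

if __name__ == "__main__":
    for label, doc in (("IdP", SAMPLE_IDP), ("SP", SAMPLE_SP)):
        print(label, check_metadata(doc))
```

An empty list means the file passed all three checks. The signature check only confirms that a Signature element exists; it does not validate the signature.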


Copyright © 2010 CA. All rights reserved.