MDQuery

This command lets us check whether a SAML entity is available in the IdP metadata store. The -f option selects the output format, either saml2 (default) or json. The entity metadata is printed to the console.

./manage.py mdquery -e "http://sp1.testunical.it:8000/saml2/metadata/"
./manage.py mdquery -e "http://sp1.testunical.it:8000/saml2/metadata/" -f json

AACli

This feature lets us check which attributes will be released to a given Service Provider for a given user.

./manage.py aacli -u mario -e https://sptest.auth.unical.it/saml2

Example output:

SP Configuration:
{
  "processor": "uniauth_saml2_idp.processors.ldap.LdapUnicalMultiAcademiaProcessor",
  "attribute_mapping": {
    "cn": "cn",
    "codice_fiscale": "codice_fiscale",
    "displayName": "displayName",
    "eduPersonAffiliation": "eduPersonAffiliation",
    "eduPersonEntitlement": "eduPersonEntitlement",
    "eduPersonHomeOrganization": "eduPersonHomeOrganization",
    "eduPersonPrincipalName": "eduPersonPrincipalName",
    "eduPersonScopedAffiliation": "eduPersonScopedAffiliation",
    "eduPersonTargetedID": "eduPersonTargetedID",
    "email": [
      "mail",
      "email"
    ],
    "givenName": [
      "givenName",
      "another_possible_occourrence"
    ],
    "mail": [
      "mail",
      "email"
    ],
    "matricola_dipendente": "matricola_dipendente",
    "matricola_studente": "matricola_studente",
    "schacHomeOrganization": "schacHomeOrganization",
    "schacPersonalUniqueCode": "schacPersonalUniqueCode",
    "schacPersonalUniqueID": "schacPersonalUniqueID",
    "sn": "sn"
  },
  "force_attribute_release": false,
  "display_name": "http://sp1.testunical.it:8000/saml2/metadata/",
  "display_description": "",
  "display_agreement_message": "",
  "signing_algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
  "digest_algorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
  "disable_encrypted_assertions": true,
  "show_user_agreement_screen": true,
  "display_agreement_consent_form": false
}

TargetedID: 4b7dc8cc66796e63702f7baa73588f772191254801ab9369b7dfa883dbccad58
{
  "cn": [
    "mario rossi"
  ],
  "eduPersonEntitlement": [
    "urn:mace:terena.org:tcs:personal-user",
    "urn:mace:terena.org:tcs:escience-user",
    "urn:mace:dir:entitlement:common-lib-terms"
  ],
  "eduPersonPrincipalName": [
    "mario@testunical.it"
  ],
  "eduPersonScopedAffiliation": [
    "staff@testunical.it",
    "member@testunical.it",
    "member@altrodominio.it"
  ],
  "email": [
    "mario.rossi@testunical.it"
  ],
  "givenName": [
    "mario"
  ],
  "mail": [
    "mario.rossi@testunical.it"
  ],
  "schacHomeOrganization": [
    "testunical.it"
  ],
  "schacPersonalUniqueCode": [
    "urn:schac:personalUniqueCode:it:testunical.it:dipendente:1237403",
    "urn:schac:personalUniqueCode:it:testunical.it:studente:1234er"
  ],
  "schacPersonalUniqueID": [
    "urn:schac:personalUniqueID:it:CF:CODICEFISCALEmario"
  ],
  "sn": [
    "rossi"
  ],
  "codice_fiscale": "CODICEFISCALEmario"
}
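
The aacli output above can be checked automatically before an SP goes live. The following is an added example, not part of uniAuth: it parses the two JSON blocks from the console output and compares the released attributes with an approved set for that SP. The function names parse_aacli and audit_release, the allowlist, and the abridged sample text are assumptions made for illustration.

```python
import json
import re

# Constructed sample: abridged from the aacli output format shown above.
SAMPLE = '''SP Configuration:
{
  "attribute_mapping": {"cn": "cn", "codice_fiscale": "codice_fiscale",
                        "displayName": "displayName",
                        "email": ["mail", "email"], "sn": "sn"},
  "disable_encrypted_assertions": true
}

TargetedID: 4b7dc8cc66796e63702f7baa73588f772191254801ab9369b7dfa883dbccad58
{
  "cn": ["mario rossi"],
  "email": ["mario.rossi@testunical.it"],
  "sn": ["rossi"],
  "codice_fiscale": "CODICEFISCALEmario"
}
'''


def parse_aacli(text):
    """Return (sp_config, targeted_id, released) parsed from aacli console output."""
    dec = json.JSONDecoder()
    # First JSON object: the SP configuration that follows the header line.
    start = text.index("{", text.index("SP Configuration:"))
    sp_config, end = dec.raw_decode(text, start)
    # The TargetedID line sits between the two JSON objects.
    m = re.search(r"TargetedID:\s*(\S+)", text[end:])
    targeted_id = m.group(1) if m else None
    # Second JSON object: the attributes released for this user.
    released, _ = dec.raw_decode(text, text.index("{", end))
    return sp_config, targeted_id, released


def audit_release(text, allowed):
    """Compare released attributes with an approved set (hypothetical allowlist)."""
    sp_config, _, released = parse_aacli(text)
    mapped = set(sp_config.get("attribute_mapping", {}))
    got = set(released)
    return {
        "not_allowed": sorted(got - set(allowed)),  # released, but outside the approved set
        "missing": sorted(mapped - got),            # mapped for the SP, no value for this user
        # Value of the SP's disable_encrypted_assertions setting, surfaced for review.
        "encryption_disabled": bool(sp_config.get("disable_encrypted_assertions")),
    }


if __name__ == "__main__":
    print(json.dumps(audit_release(SAMPLE, {"cn", "email", "sn"}), indent=2))
```

To audit a real SP, capture the output of ./manage.py aacli for a test user and pass that text to audit_release in place of SAMPLE.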