+

Search Tips   |   Advanced Search

Export SAML web service provider metadata using wsadmin

We can use wsadmin-line utility to export the Security Assertion Markup Language (SAML) trust association interceptor (TAI) service provider metadata to a file.

  1. Start the WAS.

  2. Start wsadmin utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython.

  3. At the wsadmin prompt, enter the following command:

      AdminTask.exportSAMLSpMetadata('-spMetadataFileName /tmp/spdata.xml -ssoId 1')

    We can use the following parameters with this command:

    Parameter Description
    -ssoId Optional if we have only one SSO service provider partner. If we have more than one SSO service provider partner, this parameter is required. It is the identifier for the group of custom properties associated with the SSO service provider partner. This parameter is specified as an integer.
    -securityDomainName This parameter specifies the name of the security domain of interest. If a value for this parameter is not specified, the command uses the global security configuration. This parameter is specified as a String.
    -spMetadataFileName Required. Specify the fully-qualified file name for the SAML service provider metadata. This parameter is specified as a String.
    -wantAssertionsSigned Optional. Specify true if we want SAML assertions to be signed. This parameter is specified as a Boolean.
    -encryptionMethod Optional. It specifies the encryption method. The default value is http://www.w3.org/2001/04/xmlenc#rsa-1_5. This parameter is specified as a String.


Results

The SAML TAI service provider metadata is now exported to the specified file.


Example

The following example exports the SAML service provider metadata of SSO partner 1 from the global security SAML TAI configuration:

The following example exports the SAML service provider metadata of SSO service provider partner 1 from the security domain myDomain1: