About this task
You can use the wsadmin command-line utility to export the Security Assertion Markup Language (SAML) trust association interceptor (TAI) service provider metadata to a file.
- Start the WebSphere Application Server.
- Start the wsadmin command utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython
- At the wsadmin prompt, enter the following command: AdminTask.exportSAMLSpMetadata('-spMetadataFileName /tmp/spdata.xml -ssoId 1')
  You can use the following parameters with this command:
Table 1. exportSAMLSpMetadata parameters
| Parameter | Description |
| --- | --- |
| -ssoId | This parameter is optional if you have only one SSO service provider partner. If you have more than one SSO service provider partner, this parameter is required. It is the identifier for the group of custom properties that are associated with the SSO service provider partner. This parameter is specified as an integer. |
| -securityDomainName | This parameter specifies the name of the security domain of interest. If a value for this parameter is not specified, the command uses the global security configuration. This parameter is specified as a String. |
| -spMetadataFileName | This parameter is required. Specify the fully-qualified file name for the SAML service provider metadata. This parameter is specified as a String. |
| -wantAssertionsSigned | This parameter is optional. Specify true if you want SAML assertions to be signed. This parameter is specified as a Boolean. |
| -encryptionMethod | This parameter is optional. It specifies the encryption method. The default value is http://www.w3.org/2001/04/xmlenc#rsa-1_5. This parameter is specified as a String. |
The SAML TAI service provider metadata is now exported to the specified file.
The following example exports the SAML service provider metadata of SSO partner 1 from the global security SAML TAI configuration:
AdminTask.exportSAMLSpMetadata('-spMetadataFileName /tmp/mySPmetadata.xml -ssoId 1')
The following example exports the SAML service provider metadata of SSO service provider partner 1 from the security domain myDomain1:
AdminTask.exportSAMLSpMetadata('-spMetadataFileName /tmp/mySPmetadata.xml -ssoId 1 -securityDomainName myDomain1')
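The following check is an added example, not part of the original documentation: a Python script that reads an exported file and reports whether the metadata advertises signed assertions and whether it still carries the default -encryptionMethod value. It assumes the export follows the standard SAML 2.0 metadata schema; the function name audit_sp_metadata and the sample document are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Default -encryptionMethod value per the parameter table above.
RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"

# Constructed sample that follows the SAML 2.0 metadata schema. It is not
# real WebSphere output; host name and endpoint path are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/acs">
  <md:SPSSODescriptor WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.com/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit_sp_metadata(xml_text):
    """Return a list of findings for one exported SP metadata document."""
    root = ET.fromstring(xml_text)
    sps = list(root.iter(MD + "SPSSODescriptor"))
    if not sps:
        return ["no SPSSODescriptor element found"]
    findings = []
    for sp in sps:
        # WantAssertionsSigned is an optional xs:boolean that defaults to false.
        signed = sp.get("WantAssertionsSigned", "false").strip().lower()
        if signed not in ("true", "1"):
            findings.append("WantAssertionsSigned is not true")
        for kd in sp.findall(MD + "KeyDescriptor"):
            if kd.get("use") == "signing":
                continue  # EncryptionMethod only matters for encryption keys
            for em in kd.findall(MD + "EncryptionMethod"):
                # RSA-OAEP is generally preferred over PKCS#1 v1.5 key transport.
                if em.get("Algorithm") == RSA_1_5:
                    findings.append("EncryptionMethod is rsa-1_5")
    return findings


if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    text = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    for finding in audit_sp_metadata(text):
        print("FINDING:", finding)
```

Pass the exported path, such as /tmp/mySPmetadata.xml, as the first argument; with no argument the script audits the constructed sample.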