G.1 nnmsamlconfig.ovpl
nnmsamlconfig.ovpl generates service provider (SP) metadata and Security Assertion Markup Language (SAML) authentication configuration on Network Node Manager i (NNMi).
SYNOPSIS
nnmsamlconfig.ovpl -spEntityID <spEntityID> -nameIDFormat <nameIDFormat> -idpMetadata <full path to idp metadata file> -aliasForSigning <alias> [-aliasForEncryption <aliasForEncryption> | -useSameAlias]
nnmsamlconfig.ovpl -help
DESCRIPTION
The nnmsamlconfig.ovpl command generates SP metadata (nnm_spmetadata.xml) and SAML configuration on NNMi.
On successful execution of the command, you can view the NNMi service provider metadata file created in the following directories:
- Windows: %NnmDataDir%\nmsas\NNM\conf\nnm_spmetadata.xml
- Linux: $NnmDataDir/nmsas/NNM/conf/nnm_spmetadata.xml
Note: Running the nnmsamlconfig.ovpl command will always overwrite the current SAML authentication configuration if it exists.
The -help option displays the help, which shows the options and usage of the command.
Parameters
nnmsamlconfig.ovpl supports the following options:
- -spEntityID <spEntityID>
  Unique name for identifying NNMi as a SAML service provider (SP) at the identity provider (IdP). This is the fully qualified domain name (FQDN) or URL of this server.
- -nameIDFormat <nameIDFormat>
  Specify the optional SAML NameID format for the username (Subject NameID field). If specified, it must match the supported formats (see supported NameID formats) and the selection on the IdP.
  The default value is urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  Supported NameID formats:
  - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
  - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
  - urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
  - urn:oasis:names:tc:SAML:2.0:nameid-format:entity
  - urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted
- -idpMetadata <full path to idp metadata file>
  Location of the metadata file provided by the IdP. The file contains the configuration and certificates used by NNMi for communication with the IdP.
- -aliasForSigning <aliasForSigning>
  Alias of the certificate used to sign the SAML Requests sent by NNMi.
- -aliasForEncryption <aliasForEncryption>
  Alias of the certificate used by the IdP to encrypt responses to NNMi.
- -useSameAlias
  Use this option if you want to use the same certificate for both signing and encryption.
- -help
  Displays the usage of the command.
Additional Parameters
- -jndiHost <hostname>
  The server JNDI host; default value is localhost
- -jndiPort <port>
  The server JNDI port; default value is 1099
- -p <password>
  Supply the NNMi administrator password to run the script. This script requires the NNMi administrator password.
- -u <username>
  Supply the NNMi administrator username to run the script. This script requires the NNMi administrator username.
EXAMPLES
Linux and Windows:
nnmsamlconfig.ovpl -spEntityID <mfserver.net> -nameIDFormat urn:oasis:names:tc:SAML:2.0:nameid-format:persistent -idpMetadata <metadata_File_location> -aliasForSigning <mfserver.net.selfsigned> -aliasForEncryption <mfserver.net.selfsigned>
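
A check you can run against the generated nnm_spmetadata.xml to confirm it reflects the -spEntityID, -nameIDFormat and alias options you passed, before handing the file to the IdP. This is an added example, not part of the NNMi documentation or tooling; it assumes the file follows the standard SAML 2.0 metadata layout, and the sample document, the entity ID nnmi.example.net and the function name check_sp_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample in standard SAML 2.0 metadata layout (certificate data
# omitted); the file NNMi writes may contain additional elements.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="nnmi.example.net">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:KeyDescriptor use="encryption"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, sp_entity_id, name_id_format):
    """Return a list of mismatches between SP metadata and the intended options."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    if root.get("entityID") != sp_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}, expected {sp_entity_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    formats = [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)]
    if name_id_format not in formats:
        problems.append(f"NameIDFormat {name_id_format!r} not advertised (found {formats})")
    # Per the SAML metadata schema, a KeyDescriptor without a 'use'
    # attribute applies to both signing and encryption.
    uses = {k.get("use") for k in sp.findall("md:KeyDescriptor", NS)}
    for purpose in ("signing", "encryption"):
        if purpose not in uses and None not in uses:
            problems.append(f"no KeyDescriptor for {purpose}")
    return problems


if __name__ == "__main__":
    wanted_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    result = check_sp_metadata(SAMPLE_SP_METADATA, "nnmi.example.net", wanted_format)
    for line in result or ["OK"]:
        print(line)
```

To check a real file, read nnm_spmetadata.xml from the location given in the DESCRIPTION section and pass its text as the first argument.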