smfedexport tool example non-functional

book

Article ID: 40580

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Problem:

We are trying to use the smfedexport tool to export SAML 2.0 metadata to an XML file. We are referencing the documentation, and following the example given for exporting an Identity Provider:

smfedexport -type saml2idp -entityid http://www.myidp.com/idp1 -expiredays 30 -sign -pubkey -slohttpredir http://www.mysite.com/affwebservices/public/saml2slo -reqsignauthr -ssoart http://www.mysite.com/affwebservices/public/saml2sso -artressvc http://www.mysite.com/affwebservices/saml2artifactresolution -output myidpdescription.xml

And the following example given for exporting a Service Provider:

smfedexport -type saml2sp -entityid http://www.myidp.com/sp1 -expiredays 30 -sign -pubkey -slohttpredir http://www.mysite.com/affwebservices/public/saml2slo -signauthr -aconsvcpost http://www.mysite.com/affwebservices/public/saml2assertionconsumer -aconsvcpostindex 12345 -output myidpdescription.xml

However, we are getting the following errors for exporting an Identity Provider:

ERROR: The command line option “-slohttpredir” is invalid

And the following errors for exporting a Service Provider:

ERROR: The command line option “-slohttpredir” is invalid

Environment:

Applies to all supported releases.

Cause:

The examples provided in the documentation in the “smfedexport Tool Examples” section is incorrect regarding exporting an Identity Provider and exporting a Service Provider.

Resolution:

Please use the following corrected smfedexport command as the example export for the Identity Provider:

smfedexport -type saml2idp -entityid http://www.myidp.com/idp1 -expiredays 30 -sign -pubkey -slo http://www.mysite.com/affwebservices/public/saml2slo -slobinding REDIR -reqsignauthr -sso http://www.mysite.com/affwebservices/public/saml2sso -ssobinding REDIR -ars http://www.mysite.com/affwebservices/saml2artifactresolution -output myidpdescription.xml

Please use the following corrected smfedexport command as the example export for the Service Provider:

smfedexport -type saml2sp -entityid http://www.myidp.com/sp1 -expiredays 30 -sign -pubkey -slo http://www.mysite.com/affwebservices/public/saml2authnrequest -slobinding REDIR -signauthr -acs http://www.mysite.com/affwebservices/public/saml2assertionconsumer -acsbinding POST -acsindex 12345 -output myspdescription.xml

 

Additional Information:

All other documentation described in the “Command Options for smfedexport” section is correct. Please refer to the documentation at the following:

https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?253122.html#o253331

Note: The functionality and syntax of smfedexport has not changed from 12.0 through 12.52 SP2.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: