apm aaa saml-idp-automation

apm aaa saml-idp-automation(1)				BIG-IP TMSH Manual			    apm aaa saml-idp-automation(1)

NAME
       saml-idp-automation - Specify SAML IdP automation configuration used to automate creation and management of 'IdP
       Connectors' from the remotely published metadata file(s).

MODULE
       apm aaa

SYNTAX
       Configure the saml-idp-automation component within the aaa module using the syntax shown in the following sections.

   CREATE/MODIFY
	create saml-idp-automation [name]
	modify saml-idp-automation [name]
	  options:
	   aaa-saml-server [string]
	   app-service [[string] | none]
	   connection-properties [add | delete | modify | none | replace-all-with] {
	       name [string] {
		   app-service [[string] | none]
		   dns-resolver-name [[string] | none]
		   serverssl-profile-name [[string] | none]
	       }
	   }
	   description [[string] | none]
	   frequency [integer]
	   idp-matching-source [string]
	   idp-obj-name-tag [string]
	   metadata-matching-tag [string]
	   metadata-urls {
	       [string]
	   }

	edit saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list saml-idp-automation
	list saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
	show running-config saml-idp-automation
	show running-config saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    app-service
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete saml-idp-automation [name]

DESCRIPTION
       You can use saml-idp-automation to create and manage SAML IdP automation objects that are used to automate creation and
       management of 'IdP Connectors' from the remotely published metadata files.

EXAMPLES
       create saml-idp-automation my_idp_automation1 { aaa-saml-server my_saml_sp frequency 60 idp-matching-source
       "%{session.server.idpname}" metadata-matching-tag IdpName idp-obj-name-tag displayname metadata-urls add {
       https://f5.com/metadata.xml } connection-properties add { cp1 { dns-resolver-name myResolver serverssl-profile-name
       serverssl } } }
	    Creates a SAML IdP automation object named my_idp_automation1 bound to the SAML SP service my_saml_sp, with frequency
	    set to 60 minutes, idp-matching-source as %{session.server.idpname}, metadata-matching-tag as IdpName,
	    idp-obj-name-tag as displayname, one metadata-urls entry of https://f5.com/metadata.xml, and a connection-properties
	    entry cp1 with dns-resolver-name as myResolver and serverssl-profile-name as serverssl.

       list saml-idp-automation
	    Displays a list of SAML IdP automation objects.

       delete saml-idp-automation my_idp_automation1
	    Deletes the my_idp_automation1 SAML IdP automation object.

OPTIONS
       aaa-saml-server
	    Specifies the AAA SAML server to which the IdP connectors created by this automation are bound.

       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
	    strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
	    object. Only the application service can modify or delete the object.

       connection-properties
	    Specifies the connection properties for fetching the metadata files. dns-resolver-name specifies the DNS resolver
	    object to be used, and serverssl-profile-name specifies the SSL profile that the BIG-IP system uses when connecting
	    to the server. Configure both a DNS resolver and an SSL profile if the metadata files are located behind an
	    SSL-protected endpoint.

       description
	    Specifies the description for the IdP automation object.

       frequency
	    The frequency in minutes at which APM polls the IdP metadata files and updates the IdP connectors and bindings to the
	    specified AAA SAML server. The default value is 60.

       idp-matching-source
	    Specifies the selection criteria for IdP connectors. It must be in session variable format. It is used in
	    configuration as the 'matching source' when binding the created IdP connectors to the configured AAA SAML server. At
	    runtime, the value of this session variable is compared to metadata-matching-tag to determine which IdP connector is
	    used to authenticate the user.

       metadata-matching-tag
	    This value is used in combination with idp-matching-source. It is used in configuration as the 'matching value' when
	    binding the created IdP connectors to the configured AAA SAML server. At runtime, this value is compared against the
	    value of the session variable specified by idp-matching-source to determine which IdP connector is used to
	    authenticate the user.

       idp-obj-name-tag
	    Specifies the name of a tag within the metadata file that contains a value that APM includes in the names of the
	    created IdP connectors.

       metadata-urls
	    Specifies a list of one or more URLs containing the metadata files.
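
       Added example (not part of the F5 manual): a Python check over saved list saml-idp-automation output that flags
       metadata URLs fetched over plain HTTP, and HTTPS URLs on objects with no connection-properties entry that sets both
       dns-resolver-name and serverssl-profile-name, following the connection-properties note above. The sample output, its
       exact layout, and the partner_idp object are constructed assumptions.

```python
import shlex
from urllib.parse import urlsplit
# Constructed sample in tmsh "list" layout (assumed); partner_idp is hypothetical.
SAMPLE = """
apm aaa saml-idp-automation my_idp_automation1 {
    connection-properties {
        cp1 {
            dns-resolver-name myResolver
            serverssl-profile-name serverssl
        }
    }
    metadata-urls { https://f5.com/metadata.xml }
}
apm aaa saml-idp-automation partner_idp {
    connection-properties {
        cp1 {
            dns-resolver-name myResolver
        }
    }
    metadata-urls { http://idp.example.test/metadata.xml https://idp.example.test/metadata.xml }
}
"""

def parse_tmsh(text):
    stack = [{}]  # stack[0] is the root; nested blocks become nested dicts
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok == ["}"]:                      # end of the current block
            stack.pop()
        elif tok[-1] == "{":                  # "name {" opens a nested block
            stack.append(stack[-1].setdefault(" ".join(tok[:-1]), {}))
        elif len(tok) > 2 and tok[1] == "{" and tok[-1] == "}":
            stack[-1][tok[0]] = tok[2:-1]     # inline "{ a b }" becomes a list
        else:
            stack[-1][tok[0]] = " ".join(tok[1:])
    return stack[0]

def audit(text):
    findings = []  # tuples of (object name, metadata URL, reason)
    for header, obj in parse_tmsh(text).items():
        props = obj.get("connection-properties")
        entries = props.values() if isinstance(props, dict) else []
        tls_ready = any(all(e.get(k, "none") != "none" for k in
                            ("dns-resolver-name", "serverssl-profile-name")) for e in entries)
        for url in obj.get("metadata-urls", []):
            scheme = urlsplit(url).scheme.lower()
            if scheme == "http" or (scheme == "https" and not tls_ready):
                reason = "plaintext" if scheme == "http" else "no-tls-properties"
                findings.append((header.split()[-1], url, reason))
    return findings
```

       The check confirms only that a server SSL profile is referenced; whether that profile validates the server
       certificate is decided in the profile itself.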

SEE ALSO
COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2012-2013, 2016, 2017. All rights reserved.

BIG-IP							    2017-07-27				    apm aaa saml-idp-automation(1)