apm aaa saml-idp-automation

apm aaa saml-idp-automation(1)    BIG-IP TMSH Manual    apm aaa saml-idp-automation(1)



NAME
       saml-idp-automation - Specify SAML IdP automation configuration used to
       automate creation and management of 'IdP Connectors' from the remotely
       published metadata file(s).

MODULE
       apm aaa

SYNTAX
       Configure the saml-idp-automation component within the aaa module using
       the syntax shown in the following sections.

   CREATE/MODIFY
	create saml-idp-automation [name]
	modify saml-idp-automation [name]
	  options:
	   aaa-saml-server [string]
	   app-service [[string] | none]
	   connection-properties [add | delete | modify | none | replace-all-with] {
	       name [string] {
		   app-service [[string] | none]
		   dns-resolver-name [[string] | none]
		   serverssl-profile-name [[string] | none]
	       }
	   }
	   description [[string] | none]
	   frequency [integer]
	   idp-matching-source [string]
	   idp-obj-name-tag [string]
	   metadata-matching-tag [string]
	   metadata-urls {
	       [string]
	   }

	edit saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list saml-idp-automation
	list saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
	show running-config saml-idp-automation
	show running-config saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    app-service
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete saml-idp-automation [name]

DESCRIPTION
       You can use saml-idp-automation to create and manage SAML IdP
       automation objects that are used to automate creation and management of
       'IdP Connectors' from the remotely published metadata files.

EXAMPLES
       create saml-idp-automation my_idp_automation1 { aaa-saml-server
       my_saml_sp frequency 60 idp-matching-source "%{session.server.idpname}"
       metadata-matching-tag IdpName idp-obj-name-tag displayname
       metadata-urls add { https://f5.com/metadata.xml }
       connection-properties add { cp1 { dns-resolver-name myResolver
       serverssl-profile-name serverssl } } }
	    Creates a SAML IdP automation object named my_idp_automation1
	    bound to the SAML SP service my_saml_sp, with frequency set to 60
	    minutes, idp-matching-source set to %{session.server.idpname},
	    metadata-matching-tag set to IdpName, idp-obj-name-tag set to
	    displayname, one metadata-urls entry
	    (https://f5.com/metadata.xml), and connection-properties with
	    dns-resolver-name set to myResolver and serverssl-profile-name
	    set to serverssl.

       list saml-idp-automation
	    Displays a list of SAML IdP automation objects.

       delete saml-idp-automation my_idp_automation1
	    Deletes the my_idp_automation1 SAML IdP automation object.

OPTIONS
       aaa-saml-server
	    Specifies the AAA SAML server to which the IdP connectors created
	    by this automation are bound.

       app-service
	    Specifies the name of the application service to which the object
	    belongs. The default value is none. Note: If the strict-updates
	    option is enabled on the application service that owns the object,
	    you cannot modify or delete the object. Only the application
	    service can modify or delete the object.

       connection-properties
	    Specifies the connection properties for fetching the metadata
	    files. dns-resolver-name specifies the DNS resolver object to be
	    used and serverssl-profile-name specifies the SSL profile to be
	    used by the BIG-IP system when connecting to the server. Both DNS
	    resolver and SSL profile should be configured if metadata files
	    are located behind an SSL protected endpoint.

       description
	    Specifies the description for the IdP automation object.

       frequency
	    The frequency in minutes at which APM polls the IdP metadata files
	    and updates the IdP connectors and bindings to the specified AAA
	    SAML server. The default value is 60.

       idp-matching-source
	    Specifies the selection criteria for IdP connectors. It must be in
	    session variable format. It is used in configuration as the
	    'matching source' when binding the created IdP connectors to the
	    configured AAA SAML server. At runtime, the value of this session
	    variable is compared to metadata-matching-tag to determine which
	    IdP connector is used to authenticate the user.

       metadata-matching-tag
	    This value is used in combination with idp-matching-source. It is
	    used in configuration as the 'matching value' when binding the
	    created IdP connectors to the configured AAA SAML server. At
	    runtime, this value is compared against the value of the session
	    variable given in idp-matching-source to determine which IdP
	    connector is used to authenticate the user.

       idp-obj-name-tag
	    Specifies the name of a tag within the metadata file that contains
	    a value that APM includes in the names of the created IdP
	    connectors.

       metadata-urls
	    Specifies a list of one or more URLs containing the metadata
	    files.
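
       Added example (not part of the F5 manual): a small Python audit of
       create/modify commands that applies the rule stated under
       connection-properties and also flags cleartext metadata URLs. The
       function names and the second sample command are constructed for
       illustration.

```python
import shlex

VERBS = {"add", "delete", "modify", "replace-all-with"}  # list verbs from SYNTAX
LIST_KEYS = {"metadata-urls"}  # brace block of bare strings, not key/value pairs

def parse_block(tok, i):
    """Parse the tokens after an opening '{'; return (dict, index past its '}')."""
    out = {}
    while tok[i] != "}":
        key, i = tok[i], i + 1
        if tok[i] in VERBS and tok[i + 1] == "{":  # e.g. "metadata-urls add {"
            i += 1
        if tok[i] != "{":                          # plain "key value"
            out[key], i = tok[i], i + 1
        elif key in LIST_KEYS:
            end = tok.index("}", i)
            out[key], i = tok[i + 1:end], end + 1
        else:                                      # nested named block
            out[key], i = parse_block(tok, i + 1)
    return out, i + 1

def is_set(entry, key):
    return isinstance(entry, dict) and entry.get(key, "none") != "none"

def audit(command):
    """Return (object name, url, finding) tuples for one create/modify command."""
    tok = shlex.split(command)  # keeps the quoted session variable as one token
    cfg, _ = parse_block(tok, tok.index("{") + 1)
    props = cfg.get("connection-properties")
    entries = props.values() if isinstance(props, dict) else []
    complete = any(is_set(e, "dns-resolver-name") and
                   is_set(e, "serverssl-profile-name") for e in entries)
    findings = []
    for url in cfg.get("metadata-urls", []):
        if url.lower().startswith("http://"):
            findings.append((tok[2], url, "cleartext fetch, metadata can be altered in transit"))
        elif url.lower().startswith("https://") and not complete:
            findings.append((tok[2], url, "HTTPS URL without both dns-resolver-name and serverssl-profile-name"))
    return findings

# PAGE_EXAMPLE is the command from EXAMPLES; CONSTRUCTED is made up for this demo.
PAGE_EXAMPLE = ('create saml-idp-automation my_idp_automation1 { aaa-saml-server my_saml_sp frequency 60 '
                'idp-matching-source "%{session.server.idpname}" metadata-matching-tag IdpName '
                'idp-obj-name-tag displayname metadata-urls add { https://f5.com/metadata.xml } '
                'connection-properties add { cp1 { dns-resolver-name myResolver serverssl-profile-name serverssl } } }')
CONSTRUCTED = ('create saml-idp-automation lab_auto { aaa-saml-server my_saml_sp metadata-urls '
               'add { http://idp.example.test/metadata.xml https://idp2.example.test/metadata.xml } }')

print(*(audit(PAGE_EXAMPLE) + audit(CONSTRUCTED)), sep="\n")
```

       The page's own example produces no findings; the constructed command
       produces one finding per URL.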

SEE ALSO
COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2012-2013, 2016, 2017. All rights
       reserved.



BIG-IP				  2017-07-27	apm aaa saml-idp-automation(1)