apm aaa saml-idp-automation
apm aaa saml-idp-automation(1) BIG-IP TMSH Manual apm aaa saml-idp-automation(1)
NAME
    saml-idp-automation - Specify the SAML IdP automation configuration used to automate creation and management of
    'IdP Connectors' from the remotely published metadata file(s).
MODULE
    apm aaa
SYNTAX
    Configure the saml-idp-automation component within the aaa module using the syntax shown in the following
    sections.

    CREATE/MODIFY
        create saml-idp-automation [name]
        modify saml-idp-automation [name]
            options:
                aaa-saml-server [string]
                app-service [[string] | none]
                connection-properties [add | delete | modify | none | replace-all-with] {
                    name [string] {
                        app-service [[string] | none]
                        dns-resolver-name [[string] | none]
                        serverssl-profile-name [[string] | none]
                    }
                }
                description [[string] | none]
                frequency [integer]
                idp-matching-source [string]
                idp-obj-name-tag [string]
                metadata-matching-tag [string]
                metadata-urls {
                    [string]
                }

        edit saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
            options:
                all-properties
                non-default-properties

    DISPLAY
        list saml-idp-automation
        list saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
        show running-config saml-idp-automation
        show running-config saml-idp-automation [ [ [name] | [glob] | [regex] ] ... ]
            options:
                all-properties
                app-service
                non-default-properties
                one-line
                partition

    DELETE
        delete saml-idp-automation [name]
DESCRIPTION
    You can use saml-idp-automation to create and manage SAML IdP automation objects that are used to automate
    creation and management of 'IdP Connectors' from the remotely published metadata files.
EXAMPLES
    create saml-idp-automation my_idp_automation1 { aaa-saml-server my_saml_sp frequency 60 idp-matching-source "%{session.server.idpname}" metadata-matching-tag IdpName idp-obj-name-tag displayname metadata-urls add { https://f5.com/metadata.xml } connection-properties add { cp1 { dns-resolver-name myResolver serverssl-profile-name serverssl } } }
        Creates a SAML IdP automation object named my_idp_automation1 bound to the SAML SP service my_saml_sp, with
        frequency set to 60 minutes, idp-matching-source set to %{session.server.idpname}, metadata-matching-tag set
        to IdpName, idp-obj-name-tag set to displayname, one metadata-urls entry (https://f5.com/metadata.xml), and
        a connection-properties entry cp1 with dns-resolver-name myResolver and serverssl-profile-name serverssl.
    list saml-idp-automation
        Displays a list of SAML IdP automation objects.
    delete saml-idp-automation my_idp_automation1
        Deletes the my_idp_automation1 SAML IdP automation object.
OPTIONS
    aaa-saml-server
        Specifies the AAA SAML server to which the IdP connectors created by this automation are bound.
    app-service
        Specifies the name of the application service to which the object belongs. The default value is none.
        Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
        modify or delete the object. Only the application service can modify or delete the object.
    connection-properties
        Specifies the connection properties used to fetch the metadata files. dns-resolver-name specifies the DNS
        resolver object to use, and serverssl-profile-name specifies the SSL profile the BIG-IP system uses when
        connecting to the server. Both the DNS resolver and the SSL profile should be configured when the metadata
        files are located behind an SSL-protected endpoint.
    description
        Specifies the description for the IdP automation object.
    frequency
        Specifies the frequency in minutes at which APM polls the IdP metadata files and updates the IdP
        connectors and their bindings to the specified AAA SAML server. The default value is 60.
    idp-matching-source
        Specifies the selection criteria for IdP connectors. It must be in session variable format. It is used in
        the configuration as the 'matching source' when binding the created IdP connectors to the configured AAA
        SAML server. At runtime, the value of this session variable is compared to metadata-matching-tag to
        determine which IdP connector is used to authenticate the user.
    metadata-matching-tag
        Specifies the value used in combination with idp-matching-source. It is used in the configuration as the
        'matching value' when binding the created IdP connectors to the configured AAA SAML server. At runtime,
        this value is compared against the value of the idp-matching-source session variable to determine which
        IdP connector is used to authenticate the user.
    idp-obj-name-tag
        Specifies the name of a tag within the metadata file whose value APM includes in the names of the
        created IdP connectors.
    metadata-urls
        Specifies a list of one or more URLs from which the metadata files are fetched.
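    A model of the idp-obj-name-tag, metadata-matching-tag and idp-matching-source behaviour described in the
    options above, added here as an illustration and not F5 code: the sample metadata documents, their <Tag>
    elements, the connector naming scheme and the https-only check are constructed assumptions, since this page
    does not publish how APM locates the tags in a metadata file.

```python
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Constructed sample metadata, one document per metadata-urls entry. The
# <Tag name="..."> elements are an assumed placement for the values that the
# deployment's idp-obj-name-tag ("displayname") and metadata-matching-tag
# ("IdpName") refer to; real metadata may carry them elsewhere.
SAMPLE_METADATA = {
    "https://idp-a.example.test/metadata.xml": f"""
<EntityDescriptor xmlns="{MD_NS}" entityID="https://idp-a.example.test/saml">
  <Tag name="displayname">IdP-A</Tag>
  <Tag name="IdpName">partner-a</Tag>
</EntityDescriptor>""",
    "https://idp-b.example.test/metadata.xml": f"""
<EntityDescriptor xmlns="{MD_NS}" entityID="https://idp-b.example.test/saml">
  <Tag name="displayname">IdP-B</Tag>
  <Tag name="IdpName">partner-b</Tag>
</EntityDescriptor>""",
}

def is_https_url(url):
    """Metadata fetched over plain HTTP can be altered in transit and would
    silently change which IdPs the SP trusts; this example only accepts https."""
    return urlparse(url).scheme == "https"

def build_connectors(metadata_by_url, idp_obj_name_tag, metadata_matching_tag,
                     prefix="my_idp_automation1"):
    """Model of connector creation: one connector per metadata document, named
    with the idp-obj-name-tag value, keyed for matching by metadata-matching-tag."""
    connectors = []
    for url, xml_text in metadata_by_url.items():
        if not is_https_url(url):
            raise ValueError(f"refusing non-https metadata URL: {url}")
        root = ET.fromstring(xml_text)
        tags = {t.get("name"): (t.text or "").strip()
                for t in root.iter(f"{{{MD_NS}}}Tag")}
        connectors.append({"name": f"{prefix}_{tags[idp_obj_name_tag]}",
                           "entity_id": root.get("entityID"),
                           "matching_value": tags[metadata_matching_tag]})
    return connectors

def select_connector(connectors, session_vars,
                     idp_matching_source="%{session.server.idpname}"):
    """Runtime selection: the session variable named by idp-matching-source is
    compared with each connector's matching value; exactly one hit is required."""
    value = session_vars.get(idp_matching_source[2:-1])  # strip "%{" and "}"
    hits = [c for c in connectors if c["matching_value"] == value]
    return hits[0] if len(hits) == 1 else None  # unknown or ambiguous: no IdP
```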
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2012-2013, 2016, 2017. All rights reserved.
BIG-IP 2017-07-27 apm aaa saml-idp-automation(1)