Question
I need to create a SAML service provider with multiple values for LDAP attributes that are transmitted to the service provider. Doing this via the UMC works, but I need a CLI version with udm. What is the correct syntax?
Answer
The syntax for multi-value attributes can be a bit tricky. Rule of thumb: always use --append instead of --set, and be careful with whitespace. An example:
udm saml/serviceprovider create \
--position="cn=saml-serviceprovider,cn=univention,$(ucr get ldap/base)" \
--set Identifier=Your-SAML-SP-Identifier \
--set AssertionConsumerService="https://fqdn-of-your-sp.example.org/saml2/sp/acs" \
--set singleLogoutService="https://fqdn-of-your-sp.example.org/saml2/sp/slo" \
--set NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" \
--set simplesamlNameIDAttribute=uid \
--set signLogouts=TRUE \
--set isActivated=TRUE \
--set simplesamlAttributes=TRUE \
--set attributesNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" \
--append LDAPattributes="givenName Givenname" \
--append LDAPattributes="sn Surname" \
--append LDAPattributes="mail Emailaddress" \
--append LDAPattributes='uid "Unique User Identifier"' \
--append LDAPattributes="displayName Name"
Please note: The actual values depend on your service provider, especially the URLs and the name formats. This is just an example to illustrate how to use udm with LDAPattributes.
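Added example, not part of the original post or of Univention's own tooling: a small POSIX shell script that generates the udm command above from a list of "ldapAttribute|SAML name" pairs. Each mapping becomes its own --append LDAPattributes=... argument, and a SAML name that contains whitespace is wrapped in double quotes inside the value (uid "Unique User Identifier"), which is the part that is easy to get wrong by hand. The identifier, hostname, attribute list and the fallback LDAP base are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): generate, review and optionally
# run the udm command that creates a SAML service provider with several
# LDAPattributes values. All names, hosts and the fallback base are placeholders.
set -eu

# Quote one string for a POSIX shell: wrap in single quotes and escape any
# embedded single quote as '\'' so the generated command survives eval.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print " --append 'LDAPattributes=<attr> <name>'" for every "attr|name" pair.
# A SAML name containing whitespace is double-quoted inside the value, as udm
# expects (compare: --append LDAPattributes='uid "Unique User Identifier"').
ldap_attr_args() {
    for pair in "$@"; do
        attr=${pair%%|*}
        name=${pair#*|}
        case $name in
            *[[:space:]]*) value="$attr \"$name\"" ;;
            *)             value="$attr $name" ;;
        esac
        printf ' --append %s' "$(shquote "LDAPattributes=$value")"
    done
}

# Assemble the complete command line on a single line (no trailing newline
# issues for eval). Arguments: identifier, SP hostname, LDAP base, then pairs.
build_sp_command() {
    identifier=$1; sp_host=$2; ldap_base=$3
    shift 3
    printf 'udm saml/serviceprovider create'
    printf ' --position=%s' "$(shquote "cn=saml-serviceprovider,cn=univention,$ldap_base")"
    printf ' --set %s' "$(shquote "Identifier=$identifier")"
    printf ' --set %s' "$(shquote "AssertionConsumerService=https://$sp_host/saml2/sp/acs")"
    printf ' --set %s' "$(shquote "singleLogoutService=https://$sp_host/saml2/sp/slo")"
    printf ' --set %s' "$(shquote "NameIDFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:transient")"
    printf ' --set %s' "$(shquote "simplesamlNameIDAttribute=uid")"
    printf ' --set %s' "$(shquote "signLogouts=TRUE")"
    printf ' --set %s' "$(shquote "isActivated=TRUE")"
    printf ' --set %s' "$(shquote "simplesamlAttributes=TRUE")"
    printf ' --set %s' "$(shquote "attributesNameFormat=urn:oasis:names:tc:SAML:2.0:attrname-format:basic")"
    ldap_attr_args "$@"
    printf '\n'
}

main() {
    # Use the real LDAP base when ucr is available, otherwise a placeholder.
    ldap_base=${LDAP_BASE:-$(ucr get ldap/base 2>/dev/null || echo "dc=example,dc=org")}
    cmd=$(build_sp_command "Your-SAML-SP-Identifier" "fqdn-of-your-sp.example.org" \
        "$ldap_base" \
        "givenName|Givenname" "sn|Surname" "mail|Emailaddress" \
        "uid|Unique User Identifier" "displayName|Name")
    printf '%s\n' "$cmd"      # always show the command for review first
    if [ "${1:-}" = "--run" ]; then
        eval "$cmd"           # only executes on request, on the UCS host
    fi
}

main "${1:-}"
```

Run the script without arguments to print the generated command and check the quoting; run it with --run on the UCS host to execute it. Mappings are passed as "attr|name" pairs, so adding another attribute never requires touching the quoting logic.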