Q&A: I need to create a SAML service provider with multiple values for LDAPattributes - what's the correct syntax?


I need to create a SAML service provider with multiple values for LDAP attributes that are transmitted to the service provider. Doing this via the UMC works, but I need a CLI version with udm - what’s the correct syntax?


The syntax for multi-value attributes can be a bit tricky. Rule of thumb: always use --append instead of --set and be careful with whitespace. An example:

udm saml/serviceprovider create \
 --position="cn=saml-serviceprovider,cn=univention,$(ucr get ldap/base)" \
 --set Identifier=Your-SAML-SP-Identifier \
 --set AssertionConsumerService="https://fqdn-of-your-sp.example.org/saml2/sp/acs" \
 --set singleLogoutService="https://fqdn-of-your-sp.example.org/saml2/sp/slo" \
 --set NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" \
 --set simplesamlNameIDAttribute=uid \
 --set signLogouts=TRUE \
 --set isActivated=TRUE \
 --set simplesamlAttributes=TRUE \
 --set attributesNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" \
 --append LDAPattributes="givenName Givenname" \
 --append LDAPattributes="sn Surname" \
 --append LDAPattributes="mail Emailaddress" \
 --append LDAPattributes='uid "Unique User Identifier"' \
 --append LDAPattributes="displayName Name"

Please note: The actual values depend on your service provider, especially the URLs and the name formats. This is just an example to illustrate how to use udm with LDAPattributes.
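As an added illustration of the two points in the answer above (one --append per value, and careful handling of whitespace), here is a small Python helper that builds the udm argument vector directly instead of going through a shell line. This is example code written for this page, not part of UCS or the udm tool. It assumes udm is on PATH only when dry_run is disabled; the attribute mapping, identifier and URLs are constructed sample values, and the convention of wrapping a SAML attribute name that contains spaces in double quotes follows the answer's own example. Building argv as a list means the shell never word-splits a value such as uid "Unique User Identifier", and the dry-run output shows exactly how that value would have to be quoted if typed by hand.

```python
import shlex
import subprocess

# Constructed sample mapping: (LDAP attribute, SAML attribute name).
# Not taken from any real service provider.
ATTRIBUTE_MAP = [
    ("givenName", "Givenname"),
    ("sn", "Surname"),
    ("mail", "Emailaddress"),
    ("uid", "Unique User Identifier"),   # name with spaces: needs quoting
    ("displayName", "Name"),
]


def format_ldap_attribute(ldap_attr, saml_name):
    """Return one LDAPattributes value in the form 'ldapAttr samlName'.

    Assumption (taken from the answer's example): a SAML name containing
    whitespace is wrapped in double quotes inside the stored value.
    """
    if not ldap_attr or any(c.isspace() for c in ldap_attr):
        raise ValueError(f"invalid LDAP attribute name: {ldap_attr!r}")
    if not saml_name or '"' in saml_name:
        raise ValueError(f"invalid SAML attribute name: {saml_name!r}")
    if any(c.isspace() for c in saml_name):
        return f'{ldap_attr} "{saml_name}"'
    return f"{ldap_attr} {saml_name}"


def build_udm_argv(identifier, acs_url, slo_url, ldap_base, attribute_map):
    """Assemble the udm command as an argv list (no shell quoting involved).

    Single-valued properties use --set; every LDAPattributes entry gets its
    own --append so that earlier values are not overwritten.
    """
    argv = [
        "udm", "saml/serviceprovider", "create",
        f"--position=cn=saml-serviceprovider,cn=univention,{ldap_base}",
        "--set", f"Identifier={identifier}",
        "--set", f"AssertionConsumerService={acs_url}",
        "--set", f"singleLogoutService={slo_url}",
        "--set", "NameIDFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        "--set", "simplesamlNameIDAttribute=uid",
        "--set", "signLogouts=TRUE",
        "--set", "isActivated=TRUE",
        "--set", "simplesamlAttributes=TRUE",
        "--set", "attributesNameFormat=urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
    ]
    for ldap_attr, saml_name in attribute_map:
        argv += ["--append", f"LDAPattributes={format_ldap_attribute(ldap_attr, saml_name)}"]
    return argv


def run_udm(argv, dry_run=True):
    """Dry run: return the shell-safe command line for review.
    Otherwise execute udm (requires a UCS system with udm on PATH)."""
    if dry_run:
        return shlex.join(argv)
    subprocess.run(argv, check=True)
    return None


if __name__ == "__main__":
    cmd = build_udm_argv(
        identifier="Your-SAML-SP-Identifier",                        # sample value
        acs_url="https://fqdn-of-your-sp.example.org/saml2/sp/acs",  # sample value
        slo_url="https://fqdn-of-your-sp.example.org/saml2/sp/slo",  # sample value
        ldap_base="dc=example,dc=org",                               # sample value
        attribute_map=ATTRIBUTE_MAP,
    )
    print(run_udm(cmd, dry_run=True))
```

Run it as-is to see the fully quoted command line; compare it with the hand-written version above to see where the single and double quotes around the uid entry come from. Only switch dry_run off on the UCS host where the service provider should be created.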

