Exporting SAML web service provider metadata using the wsadmin command-line utility

About this task

You can use the wsadmin command-line utility to export the Security Assertion Markup Language (SAML) trust association interceptor (TAI) service provider metadata to a file.

Procedure

  1. Start the WebSphere Application Server.
  2. Start the wsadmin command utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython.
  3. At the wsadmin prompt, enter the following command:
    AdminTask.exportSAMLSpMetadata('-spMetadataFileName /tmp/spdata.xml -ssoId 1')
    You can use the following parameters with this command:
    Table 1. exportSAMLSpMetadata parameters

    | Parameter | Description |
    | --- | --- |
    | -ssoId | This parameter is optional if you have only one SSO service provider partner. If you have more than one SSO service provider partner, this parameter is required. It is the identifier for the group of custom properties that are associated with the SSO service provider partner. This parameter is specified as an integer. |
    | -securityDomainName | This parameter specifies the name of the security domain of interest. If a value for this parameter is not specified, the command uses the global security configuration. This parameter is specified as a String. |
    | -spMetadataFileName | This parameter is required. Specify the fully-qualified file name for the SAML service provider metadata. This parameter is specified as a String. |
    | -wantAssertionsSigned | This parameter is optional. Specify true if you want SAML assertions to be signed. This parameter is specified as a Boolean. |
    | -encryptionMethod | This parameter is optional. It specifies the encryption method. The default value is https://www.w3.org/2001/04/xmlenc#rsa-1_5. This parameter is specified as a String. |

Results

The SAML TAI service provider metadata is now exported to the specified file.

Example

The following example exports the SAML service provider metadata of SSO partner 1 from the global security SAML TAI configuration:

    AdminTask.exportSAMLSpMetadata('-spMetadataFileName /tmp/mySPmetadata.xml -ssoId 1')

The following example exports the SAML service provider metadata of SSO service provider partner 1 from the security domain myDomain1:

    AdminTask.exportSAMLSpMetadata('-spMetadataFileName /tmp/mySPmetadata.xml -ssoId 1 -securityDomainName myDomain1')
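
Before you send the exported file to the identity provider, you can review what it advertises for the -wantAssertionsSigned and -encryptionMethod settings. The following Python script is an added example, not part of the product or of the original page. It assumes that the exported file follows the standard SAML 2.0 metadata schema; the function name, check identifiers, and sample document are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample (assumed SAML 2.0 metadata layout, not real wsadmin output).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/samlsps/acs">
  <md:SPSSODescriptor WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.com/samlsps/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def audit_sp_metadata(xml_text):
    """Return a list of (check_id, detail) findings for SP metadata XML."""
    root = ET.fromstring(xml_text)  # only parse files that you exported yourself
    findings = []
    descriptors = list(root.iter(MD + "SPSSODescriptor"))
    if not descriptors:
        findings.append(("no-sp-descriptor", "no SPSSODescriptor element found"))
    for sp in descriptors:
        # The schema default is false, so a missing attribute means the
        # service provider does not ask the IdP for signed assertions.
        if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
            findings.append(("assertions-unsigned", "WantAssertionsSigned is not true"))
        for enc in sp.iter(MD + "EncryptionMethod"):
            # rsa-1_5 is RSA PKCS#1 v1.5 key transport, the default in Table 1.
            if enc.get("Algorithm", "").endswith("xmlenc#rsa-1_5"):
                findings.append(("rsa-1_5", enc.get("Algorithm")))
        for acs in sp.iter(MD + "AssertionConsumerService"):
            # Assertions are posted to this URL, so it should use TLS.
            if not acs.get("Location", "").startswith("https://"):
                findings.append(("acs-not-https", acs.get("Location", "")))
    return findings

if __name__ == "__main__":
    # Usage: python audit_sp_metadata.py /tmp/spdata.xml  (no argument: SAMPLE)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for check_id, detail in audit_sp_metadata(text):
        print("%-20s %s" % (check_id, detail))
```

An empty result means that none of the three conditions were found; it does not validate the certificates or the entity ID in the file.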