We have a running configuration of ForgeRock and I want the configuration to be automated (configuration as code). We have the complete setup automated and the last part is the configuration.
I have successfully managed to add the remote IDP in the setup (with the same call as below), but when I am adding the hosted SP it is added as a hosted IDP instead of a hosted SP.
What I did was read the configuration and put that back in.
Get current configuration:

```powershell
irm -Uri "https://$server/realm-config/federation/entityproviders/saml2?_queryFilter=true"
```

From the response:

```
"name": "Entity Descriptor ",
```

Create the entity:

```powershell
irm -Uri "https://$server/realm-config/federation/entityproviders/saml2?_action=create"
```
The code is part of the PowerShell script, where the id, metadata and entityConfig variables are grabbed from the reading part.
An example of how to add a hosted SP is appreciated.
Are you sure you are reading the correct entity? The correct entity's `entityConfig` should clearly define the entity as an IDP, including things like the `IDPSSODescriptor` in the metadata and the `idpAccountMapper` in the `entityConfig` (among numerous other items). Can you dump those values to a log file/stdout and review and/or share them here?
As an aside, may I ask why you are doing this all through a custom powershell script instead of utilizing Amster?
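One way to follow the advice above (dump the metadata and entityConfig, and check which role they describe before calling the create action) is to let the script classify the entity itself and refuse to post it when the role is not what the script intends. The following is an added example, not code from this thread or from ForgeRock. It assumes `$server`, `$token` (an `iPlanetDirectoryPro` SSO token) and `$spEntityId` are already set, that the `?_queryFilter=true` response returns objects with `_id`, `metadata` and `entityConfig` as XML strings (the variable names used in the original script), and that `?_action=create` accepts a JSON body with those same three fields; check the body shape and the `Accept-API-Version` header against the API explorer of your AM version. The XML namespaces are the standard SAML 2.0 metadata namespace and the ForgeRock extended-metadata namespace.

```powershell
# Added example (not the thread's own script). Assumptions: $server, $token, $spEntityId are set;
# the query response carries _id, metadata and entityConfig as XML strings; the create action takes
# a JSON body with those fields. Adjust header/body shape to your AM version's API explorer.
Set-StrictMode -Version Latest   # an unset or misspelled variable is an error, not an empty string

function Get-Saml2EntityRoles {
    # Reports which SAML roles the standard metadata and the ForgeRock entityConfig describe,
    # so the two can be compared (and logged) before anything is posted to AM.
    param(
        [Parameter(Mandatory)][string]$Metadata,     # SAML 2.0 metadata XML (EntityDescriptor)
        [Parameter(Mandatory)][string]$EntityConfig  # ForgeRock extended metadata XML (EntityConfig)
    )
    [xml]$md = $Metadata      # if your AM returns these base64-encoded, decode them first
    [xml]$ec = $EntityConfig

    $mdNs = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $mdNs.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ecNs = New-Object System.Xml.XmlNamespaceManager($ec.NameTable)
    $ecNs.AddNamespace('ec', 'urn:sun:fm:SAML:2.0:entityconfig')

    return [pscustomobject]@{
        EntityId         = $md.DocumentElement.GetAttribute('entityID')
        MetadataIdp      = $null -ne $md.SelectSingleNode('//md:IDPSSODescriptor', $mdNs)
        MetadataSp       = $null -ne $md.SelectSingleNode('//md:SPSSODescriptor', $mdNs)
        EntityConfigIdp  = $null -ne $ec.SelectSingleNode('//ec:IDPSSOConfig', $ecNs)
        EntityConfigSp   = $null -ne $ec.SelectSingleNode('//ec:SPSSOConfig', $ecNs)
        IdpAccountMapper = $null -ne $ec.SelectSingleNode("//ec:Attribute[@name='idpAccountMapper']", $ecNs)
        SpAccountMapper  = $null -ne $ec.SelectSingleNode("//ec:Attribute[@name='spAccountMapper']", $ecNs)
    }
}

function Assert-Saml2EntityRole {
    # Logs the detected roles and throws unless both documents contain the expected role.
    # A hosted entity may legitimately carry both roles; the other role is only warned about.
    param(
        [Parameter(Mandatory)][ValidateSet('IDP', 'SP')][string]$Expected,
        [Parameter(Mandatory)][string]$Metadata,
        [Parameter(Mandatory)][string]$EntityConfig
    )
    $r = Get-Saml2EntityRoles -Metadata $Metadata -EntityConfig $EntityConfig
    Write-Host ("[{0}] metadata IDP={1} SP={2}; entityConfig IDP={3} SP={4}; mappers idp={5} sp={6}" -f
        $r.EntityId, $r.MetadataIdp, $r.MetadataSp, $r.EntityConfigIdp, $r.EntityConfigSp,
        $r.IdpAccountMapper, $r.SpAccountMapper)

    if ($Expected -eq 'SP') {
        $present = $r.MetadataSp -and $r.EntityConfigSp
        $other   = $r.MetadataIdp -or $r.EntityConfigIdp
    } else {
        $present = $r.MetadataIdp -and $r.EntityConfigIdp
        $other   = $r.MetadataSp -or $r.EntityConfigSp
    }
    if (-not $present) { throw "Entity '$($r.EntityId)' does not describe an $Expected; refusing to create it." }
    if ($other) { Write-Warning "Entity '$($r.EntityId)' also carries the other role; verify this is intended." }
    return $r
}

# --- usage: read the hosted SP from the source, verify its role, then create it on the target ---
$headers = @{
    'iPlanetDirectoryPro' = $token
    'Content-Type'        = 'application/json'
    'Accept-API-Version'  = 'resource=1.0'   # assumption: adjust to the version your endpoint expects
}
$base = "https://$server/realm-config/federation/entityproviders/saml2"

$existing = Invoke-RestMethod -Uri "${base}?_queryFilter=true" -Headers $headers
# One distinctly named variable per entity: a later assignment to $idpEntity cannot clobber $spEntity.
$spEntity = $existing.result | Where-Object { $_._id -eq $spEntityId }
if ($null -eq $spEntity) { throw "No entity with _id '$spEntityId' in the query response." }

$null = Assert-Saml2EntityRole -Expected 'SP' -Metadata $spEntity.metadata -EntityConfig $spEntity.entityConfig

$body = @{
    _id          = $spEntity._id
    metadata     = $spEntity.metadata
    entityConfig = $spEntity.entityConfig
} | ConvertTo-Json -Depth 5
Invoke-RestMethod -Method Post -Uri "${base}?_action=create" -Headers $headers -Body $body
```

The role check runs on the exact strings that are about to be sent, immediately before the create call, so a variable that was overwritten between reading and writing is caught at that point rather than discovered afterwards in the AM console. `Set-StrictMode` is there for the same reason: with it, a misspelled variable name fails loudly instead of quietly evaluating to an empty string.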
I am feeling really stupid right now. In the script there was also a parsing of the XML to determine the entityID. With that parsing I unintentionally overrode the entity data string. I checked that I had correctly typed the name and printed the value, but a couple of lines later I messed up by reassigning the variable with the wrong (read: IDP) config.
Fixing that mistake results in an SP being added instead of an IDP.
The reason I am not using Amster is that the implementation is part of another product with no Amster command-line tooling available.
Thanks for pointing me in the right direction mwtech.