Categories:

System functions (System Control)

SYSTEM$MIGRATE_SAML_IDP_REGISTRATION

Migrates an existing SAML identity provider (i.e. IdP) configuration as defined by the account parameter SAML_IDENTITY_PROVIDER to a security integration.

If the SAML_IDENTITY_PROVIDER account parameter is present, SYSTEM$MIGRATE_SAML_IDP_REGISTRATION creates a new security integration using the data in the SAML_IDENTITY_PROVIDER parameter.

If the SAML_IDENTITY_PROVIDER account parameter is not present, the function fails. If this occurs, create a security integration where TYPE = SAML2 as shown in CREATE SECURITY INTEGRATION.

Syntax

SYSTEM$MIGRATE_SAML_IDP_REGISTRATION( '<integration_name>', '<issuer>' )

Arguments

integration_name

The name of the new SAML2 security integration that the function creates.

Note that the entire name must be enclosed in single quotes.

Required.

issuer

The EntityID / Issuer of the IdP.

The entire name must be enclosed in single quotes.

Required if not specified in the SAML_IDENTITY_PROVIDER parameter as the Issuer attribute.

Important

If the SAML_IDENTITY_PROVIDER parameter does not contain a value for Issuer, use your IdP’s metadata to locate the exact value. Depending on the IdP, you might be able to locate the issuer value through the user interface administrator settings, a URL your IdP provides, or by downloading the SAML federation metadata XML to a local file.

As a representative example, the following references detail how to locate the issuer value for Okta and Microsoft Entra ID:

Examples

The following command shows how to migrate an existing IdP configuration:

SELECT SYSTEM$MIGRATE_SAML_IDP_REGISTRATION('my_fed_integration', 'http://my_idp.com');

Output:

+---------------------------------------------------------------------------------+
| SYSTEM$MIGRATE_SAML_IDP_REGISTRATION('MY_FED_INTEGRATION', 'HTTP://MY_IDP.COM') |
+---------------------------------------------------------------------------------+
| SUCCESS : [MY_FED_INTEGRATION] Fed SAML integration created                     |
+---------------------------------------------------------------------------------+

To view details about your migrated IdP, you can use the DESCRIBE command:

DESC INTEGRATION my_fed_integration;
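
An added example (not from the original page and not Snowflake's own code) for the case in the Important note above, where the issuer has to be read from a downloaded SAML federation metadata XML file: it extracts the IdP's entityID unchanged and builds the migration call. The sample metadata, hostnames and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata (not from a real IdP).
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://sp.example.test/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="http://idp.example.test/exk1constructed/">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def find_idp_issuer(metadata: bytes) -> str:
    """Return the entityID of the single IdP entity, exactly as published."""
    # SAML metadata needs no DTD; refuse one rather than let the parser expand entities.
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(metadata)
    # root.iter() also yields the root itself, so a bare EntityDescriptor works too.
    idps = [
        e.get("entityID")
        for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")
        if e.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None and e.get("entityID")
    ]
    if len(idps) != 1:
        raise ValueError(f"expected exactly one IdP entity, found {len(idps)}")
    return idps[0]  # no trimming or case-folding: the value must match exactly


def sql_literal(value: str) -> str:
    """Single-quoted SQL string literal; backslashes and quotes are escaped."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def migration_statement(integration_name: str, metadata: bytes) -> str:
    """Build the migration call with the issuer taken from the metadata."""
    issuer = find_idp_issuer(metadata)
    return ("SELECT SYSTEM$MIGRATE_SAML_IDP_REGISTRATION("
            f"{sql_literal(integration_name)}, {sql_literal(issuer)});")


if __name__ == "__main__":
    print(migration_statement("my_fed_integration", SAMPLE_METADATA))
```

The trailing slash in the sample entityID is kept on purpose: the issuer is passed through as published, so the statement carries the exact value from the metadata.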