vms modify_saml

  • Updated on Feb 13, 2026
  • Published on Jan 28, 2026
  • 2 minute(s) read
Prev Next

This command modifies a new or existing Identity Provider (IDP).

Usage

vms modify_saml --idp-name IDP_NAME
               [--idp-entityid ENTITY_ID]
               [--encrypt-assertion]
               [--disable-encrypt-assertion]
               [--want-assertions-or-response-signed]
               [--force-authn]
               [--disable-force-authn]
               [--local-idp-metadata]
               [--idp-metadata-url METADATA_URL]
               [--remove-idp-metadata local|remote]
              

Required Parameters

--idp-name IDP_NAME

Specifies the name of the new IDP configuration, or the name of a previously configured IDP to modify. This field is used later for the SSO login URL for the SP (VMS).

Options

--idp-entityid ENTITY_ID

The unique identifier of the IDP entity.

--encrypt-assertion

This option is required if the IDP encrypts the assertion. If this option is used, you are prompted for the certificate and key.

--disable-encrypt-assertion

This option removes the certificate used in --encrypt-assertion files and the IDP configuration.

--want-assertions-or-response-signed

If this option is used the SP (VMS) will accept only a signed response or signed assertion from the IDP. VMS will fail the user authentication if an unsigned response is received. If this option is used, a certificate and key must be provided after executing the command.

--force-authn

Forces authentication with the IDP even if there is an active session with the IdP for the user.

--disable-force-authn

Disable the --force-authn option.

--local-idp-metadata

Use local metadata. If used, you are prompted for the metadata (must be in XML file format).

--idp-metadata-url METADATA_URL

Use metadata located at METADATA_URL. The URL is typically in the format: <https://<YourIDPURL>>/sso/saml/metadata

--remove-idp-metadata local|remote

This option will remove either the local or remote IDP metadata file. Specify which file to remove, local or remote.

For example: vms modify_saml --remove-idp-metadata local

Examples

vcli: admin> vms modify_saml --idp-name Okta --force-authn
This action will impact you saml login with Okta.
 Are you sure you want to continue? [y/N] y
Saml Config as been changed for Okta

vcli: admin> vms modify_saml --idp-name Okta --idp-metadata-url https://dev-46872236.okta.com/app/ekxm4bscg4RuruH8C5g7/sso/saml/metadata --idp-entityid http://www.okta.com/ewkh4aftf7NerrH4C5t1
This action will impact you saml login with Okta.
 Are you sure you want to continue? [y/N] y
Saml Config as been changed for Okta

With encrypted assertions (requires certificate):

vms modify_saml --idp-entityid http://www.okta.com/ewkh4aftf7NerrH4C5t1 --idp-metadata-url https://dev-46872236.okta.com/app/ekxm4bscg4RuruH8C5g7/sso/saml/metadata --idp-name Okta --encrypt_assertion
This action will impact your saml login with Okta.
Are you sure you want to continue? [y/N] y
Please enter idp signing certificate (ALT+ENTER/option+ENTER to finish):
PUT_CERTIFICATE_FILE_CONTENT
Please enter idp signing certificate key (ALT+ENTER/option+ENTER to finish):
PUT_KEY_FILE_CONTENT
Related articles
  • vms modify_saml
    VAST Cluster > Version 5.4 > VAST Cluster 5.4 CLI Command Reference > vms commands
  • vms saml_modify
    VAST Cluster > Version 5.1 > VAST Cluster 5.1 CLI Command Reference > vms commands
  • vms saml_modify
    VAST Cluster > Version 5.2 > VAST Cluster 5.2 CLI Command Reference > vms commands