diff --git a/sync-metadata_script.rst b/sync-metadata_script.rst
index f2ab103..4a11887 100644
--- a/sync-metadata_script.rst
+++ b/sync-metadata_script.rst
@@ -20,6 +20,82 @@ Use the following command::
path_to_project/authentic2$ python manage.py sync-metadata file_name [options]
+Configuration of attributes
+===========================
+
+If a service provider has AttributeConsumingService nodes in its
+SPSSODescriptor then we create an attribute declaration for each declared
+attribute. If the attribute is optional, the attribute declaration is created
+disabled.
+
+Currently it only supports the LDAP and the LDAP attribute profile of SAML,
+i.e. SAML attribute names must be LDAP attributes oid, the NameFormat must be
+URI, and an LDAP server must declared so that LDAP attributes can be resolved.
+Authentic2 contains a databases of the more common LDAP schemas to help the
+resolution of attributes OIDs.
+
+Example of an AttributeConsumingService node::
+
+
+ Université Paris 1 - cours en ligne
+
+ Cours en ligne de l'université
+ Paris 1 Panthéon - Sorbonne (LMS Moodle)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+If you do not want the attribute declarations to be automatically created pass
+the option `--dont-load-attribute-consuming-service` to the `sync-metadata` command.
+
Options
=======
@@ -43,11 +119,9 @@ Options
**For reloading, a source can only be associated with a unique metadata
file. This is due to the fact that all providers of a source not found in
- the metadata file are removed.**
+ the metadata file are removed.** ::
-::
-
- path_to_project/authentic2$ python manage.py sync-metadata file_name --source=french_federation
+ path_to_project/authentic2$ python manage.py sync-metadata file_name --source=french_federation
* sp-policy
@@ -73,9 +147,9 @@ Options
of the script with this option.
The policy is then associated to all service providers created.
-::
+ ::
- path_to_project/authentic2$ python manage.py sync-metadata file_name --idp-policy=idp_policy_name
+ path_to_project/authentic2$ python manage.py sync-metadata file_name --idp-policy=idp_policy_name
* delete
@@ -88,3 +162,31 @@ Options
* ignore-errors
If loading of one EntityDescriptor fails, continue loading
+
+* reset-atributes
+
+ When loading shibboleth attribute filter policies, start by removing all
+ existing SAML attributes for each provider, beware that it will delete any
+ customization of the attribute policy for each service provider.
+
+* dont-load-attribute-consuming-service
+
+ Prevent loading of the attribute policy from AttributeConsumingService nodes
+ in the metadata file.
+
+* shibboleth-attribute-filter-policy
+
+ Path to a file containing an Attribute Filter Policy for the
+ Shibboleth IdP, that will be used to configure SAML attributes for
+ each provider. The following schema is supported::
+
+
+
+ [
+
+
+
+ ]*
+
+
+ Any other kind of attribute filter policy is unsupported.