12 SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
13 SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
14 SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
16 SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
17 SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
18 SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
19 SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
20 SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
21 SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
23 SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
24 SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
26 while getopts a:c:e:f:h:l:n:o:s:t:u:12ADLNO c
29 c) CERTS[${#CERTS[*]}]=$OPTARG;;
31 f) FORMATS[${#FORMATS[*]}]=$OPTARG;;
32 h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
34 n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
36 a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
37 s) SUP[${#SUP[*]}]=$OPTARG;;
38 t) TECH[${#TECH[*]}]=$OPTARG;;
47 \?) echo metagen [-12ADLNO] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
52 if [ ${#HOSTS[*]} -eq 0 -a ${#NAKEDHOSTS[*]} -eq 0 ] ; then
53 echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
57 if [ ${#CERTS[*]} -eq 0 ] ; then
58 CERTS[${#CERTS[*]}]=sp-cert.pem
64 echo Certificate file $c does not exist!
69 if [ -z $ENTITYID ] ; then
70 if [ ${#HOSTS[*]} -eq 0 ] ; then
71 ENTITYID=https://${NAKEDHOSTS[0]}/shibboleth
73 ENTITYID=https://${HOSTS[0]}/shibboleth
77 if [ -s $HOSTLIST ] ; then
80 HOSTS[${#HOSTS[@]}]=$h
83 echo File with list of hostnames $l does not exist!
87 # Establish protocols and bindings.
89 if [ $SAML1 -eq 0 -a $SAML2 -eq 0 ] ; then
94 if [ $LOGOUT -eq 1 -o $NAMEIDMGMT -eq 1 ] ; then
96 SLO[${#SLO[*]}]=$SAML20SOAP
97 SLO[${#SLO[*]}]=$SAML20REDIRECT
98 SLO[${#SLO[*]}]=$SAML20POST
99 SLOLOC[${#SLOLOC[*]}]="SOAP"
100 SLOLOC[${#SLOLOC[*]}]="Redirect"
101 SLOLOC[${#SLOLOC[*]}]="POST"
102 if [ $ARTIFACT -eq 1 ] ; then
103 SLO[${#SLO[*]}]=$SAML20ART
104 SLOLOC[${#SLOLOC[*]}]="Artifact"
108 if [ $SAML1 -eq 1 -a $SAML2 -eq 1 ] ; then
109 PROTENUM="$SAML20PROT $SAML11PROT"
110 elif [ $SAML1 -eq 1 ] ; then
111 PROTENUM="$SAML11PROT"
113 PROTENUM="$SAML20PROT"
116 if [ $SAML2 -eq 1 ] ; then
117 ACS[${#ACS[*]}]=$SAML20POST
118 ACSLOC[${#ACSLOC[*]}]="SAML2/POST"
119 ACS[${#ACS[*]}]=$SAML20POSTSS
120 ACSLOC[${#ACSLOC[*]}]="SAML2/POST-SimpleSign"
121 if [ $ARTIFACT -eq 1 ] ; then
122 ACS[${#ACS[*]}]=$SAML20ART
123 ACSLOC[${#ACSLOC[*]}]="SAML2/Artifact"
125 ACS[${#ACS[*]}]=$SAML20PAOS
126 ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
129 if [ $SAML1 -eq 1 ] ; then
130 ACS[${#ACS[*]}]=$SAML1POST
131 ACSLOC[${#ACSLOC[*]}]="SAML/POST"
132 if [ $ARTIFACT -eq 1 ] ; then
133 ACS[${#ACS[*]}]=$SAML1ART
134 ACSLOC[${#ACSLOC[*]}]="SAML/Artifact"
138 if [ $DECLS -eq 1 ] ; then
139 DECLS="xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" "
140 if [ $DS -eq 1 ] ; then
141 DECLS="${DECLS}xmlns:disco=\"urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol\" "
148 <md:EntityDescriptor ${DECLS}entityID="${ENTITYID}">
149 <md:SPSSODescriptor protocolSupportEnumeration="${PROTENUM}">
153 if [ $DS -eq 1 ] ; then
163 <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
168 for h in ${NAKEDHOSTS[@]}
171 <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
193 </ds:X509Certificate>
200 for f in ${FORMATS[@]}
203 <md:NameIDFormat>$f</md:NameIDFormat>
208 if [ $LOGOUT -eq 1 ] ; then
213 while [ $count -lt ${#SLO[*]} ]
216 <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
222 for h in ${NAKEDHOSTS[@]}
225 while [ $count -lt ${#SLO[*]} ]
228 <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
238 if [ $NAMEIDMGMT -eq 1 ] ; then
243 while [ $count -lt ${#SLO[*]} ]
246 <md:ManageNameIDService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
252 for h in ${NAKEDHOSTS[@]}
255 while [ $count -lt ${#SLO[*]} ]
258 <md:ManageNameIDService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
271 while [ $count -lt ${#ACS[*]} ]
274 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
281 for h in ${NAKEDHOSTS[@]}
284 while [ $count -lt ${#ACS[*]} ]
287 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
295 </md:SPSSODescriptor>
298 if [ -n "$ORGNAME" ] ; then
299 if [ -z "$URL" ] ; then
304 <md:OrganizationName xml:lang="en">$ORGNAME</md:OrganizationName>
305 <md:OrganizationDisplayName xml:lang="en">$ORGNAME</md:OrganizationDisplayName>
306 <md:OrganizationURL xml:lang="en">$URL</md:OrganizationURL>
312 for (( i=0; i<count; i++ ))
314 IFS="/"; declare -a c=(${ADMIN[$i]})
316 <md:ContactPerson contactType="administrative">
317 <md:GivenName>${c[0]}</md:GivenName>
318 <md:SurName>${c[1]}</md:SurName>
319 <md:EmailAddress>${c[2]}</md:EmailAddress>
325 for (( i=0; i<count; i++ ))
327 IFS="/"; declare -a c=(${SUP[$i]})
329 <md:ContactPerson contactType="support">
330 <md:GivenName>${c[0]}</md:GivenName>
331 <md:SurName>${c[1]}</md:SurName>
332 <md:EmailAddress>${c[2]}</md:EmailAddress>
338 for (( i=0; i<count; i++ ))
340 IFS="/"; declare -a c=(${TECH[$i]})
342 <md:ContactPerson contactType="technical">
343 <md:GivenName>${c[0]}</md:GivenName>
344 <md:SurName>${c[1]}</md:SurName>
345 <md:EmailAddress>${c[2]}</md:EmailAddress>
351 </md:EntityDescriptor>