# Partial listing of a Shibboleth SP metadata generator (metagen): the visible
# lines build an <md:EntityDescriptor> from command-line options, certificate
# files and host lists.  Line numbers are non-contiguous, so loop bodies, the
# `case` arms of the option parser and the heredoc boundaries are not all
# visible here; comments below only describe what the shown lines establish.
#
# Protocol and binding URNs used in protocolSupportEnumeration and Binding attributes.
# NOTE(review): SAML 1.0/1.1 URNs are legacy; they are only emitted when SAML1 is set (see below).
12 SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
13 SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
14 SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
16 SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
17 SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
18 SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
19 SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
20 SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
21 SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
23 SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
24 SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
# Option parsing.  Repeatable options append to arrays (-c certs, -f NameID
# formats, -h TLS hosts, -n plain-HTTP hosts, -a/-s/-t contacts).  The option
# string also declares e:, l:, o:, u: and O, whose arms are outside this view.
# Every value collected here is later interpolated into XML verbatim (no
# escaping of &, <, " is visible), so operators should supply only values that
# are valid XML text, or add escaping where the heredocs are emitted.
26 while getopts a:c:e:f:h:l:n:o:s:t:u:12ADLNO c
29 c) CERTS[${#CERTS[*]}]=$OPTARG;;
31 f) FORMATS[${#FORMATS[*]}]=$OPTARG;;
32 h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
34 n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
36 a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
37 s) SUP[${#SUP[*]}]=$OPTARG;;
38 t) TECH[${#TECH[*]}]=$OPTARG;;
# Usage text for unknown options.  Note the flag list here says -12ADLNO while
# the copy at line 53 says -12ADLN; one of the two is stale.
47 \?) echo metagen [-12ADLNO] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
# At least one host (-h or -n) is required; -l (host list file) is checked separately below.
52 if [ ${#HOSTS[*]} -eq 0 -a ${#NAKEDHOSTS[*]} -eq 0 ] ; then
53 echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
# Default signing/encryption certificate when no -c is given.
57 if [ ${#CERTS[*]} -eq 0 ] ; then
58 CERTS[${#CERTS[*]}]=sp-cert.pem
# Each listed certificate file must exist (the loop header is outside this view).
64 echo Certificate file $c does not exist!
# Default entityID is derived from the first host; TLS hosts take precedence.
# $ENTITYID is unquoted in the test, so a value containing whitespace would
# break the [ ] expression rather than be rejected cleanly.
69 if [ -z $ENTITYID ] ; then
70 if [ ${#HOSTS[*]} -eq 0 ] ; then
71 ENTITYID=https://${NAKEDHOSTS[0]}/shibboleth
73 ENTITYID=https://${HOSTS[0]}/shibboleth
# Optional host-list file: non-empty file -> each line appended to HOSTS.
# Hostnames read from the file are not validated before being emitted into
# endpoint URLs.  $HOSTLIST is unquoted in both tests (fragile for paths with spaces).
77 if [ ! -z $HOSTLIST ] ; then
78 if [ -s $HOSTLIST ] ; then
81 HOSTS[${#HOSTS[@]}]=$h
# NOTE(review): this message prints $l, but the variable tested above is
# $HOSTLIST; unless $l is set elsewhere (not visible here), the filename is
# missing from the error -- presumably $HOSTLIST was intended.
84 echo File with list of hostnames $l does not exist!
89 # Establish protocols and bindings.
# Neither -1 nor -2 given: the default branch (not shown) is taken.
91 if [ $SAML1 -eq 0 -a $SAML2 -eq 0 ] ; then
# SLO / NameID-management endpoints use SOAP, Redirect and POST; Artifact only with -A.
# SLO[i] and SLOLOC[i] are parallel arrays (binding URN, URL path suffix).
96 if [ $LOGOUT -eq 1 -o $NAMEIDMGMT -eq 1 ] ; then
98 SLO[${#SLO[*]}]=$SAML20SOAP
99 SLO[${#SLO[*]}]=$SAML20REDIRECT
100 SLO[${#SLO[*]}]=$SAML20POST
101 SLOLOC[${#SLOLOC[*]}]="SOAP"
102 SLOLOC[${#SLOLOC[*]}]="Redirect"
103 SLOLOC[${#SLOLOC[*]}]="POST"
104 if [ $ARTIFACT -eq 1 ] ; then
105 SLO[${#SLO[*]}]=$SAML20ART
106 SLOLOC[${#SLOLOC[*]}]="Artifact"
# protocolSupportEnumeration: SAML 2.0 first, then SAML 1.1 when both are enabled.
110 if [ $SAML1 -eq 1 -a $SAML2 -eq 1 ] ; then
111 PROTENUM="$SAML20PROT $SAML11PROT"
112 elif [ $SAML1 -eq 1 ] ; then
113 PROTENUM="$SAML11PROT"
115 PROTENUM="$SAML20PROT"
# AssertionConsumerService bindings; ACS[i] / ACSLOC[i] are parallel arrays.
# SAML 2.0: POST, POST-SimpleSign, Artifact (with -A), and PAOS (ECP).
118 if [ $SAML2 -eq 1 ] ; then
119 ACS[${#ACS[*]}]=$SAML20POST
120 ACSLOC[${#ACSLOC[*]}]="SAML2/POST"
121 ACS[${#ACS[*]}]=$SAML20POSTSS
122 ACSLOC[${#ACSLOC[*]}]="SAML2/POST-SimpleSign"
123 if [ $ARTIFACT -eq 1 ] ; then
124 ACS[${#ACS[*]}]=$SAML20ART
125 ACSLOC[${#ACSLOC[*]}]="SAML2/Artifact"
127 ACS[${#ACS[*]}]=$SAML20PAOS
128 ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
# SAML 1.x browser profiles (legacy), only when -1 was given.
131 if [ $SAML1 -eq 1 ] ; then
132 ACS[${#ACS[*]}]=$SAML1POST
133 ACSLOC[${#ACSLOC[*]}]="SAML/POST"
134 if [ $ARTIFACT -eq 1 ] ; then
135 ACS[${#ACS[*]}]=$SAML1ART
136 ACSLOC[${#ACSLOC[*]}]="SAML/Artifact"
# Namespace declarations on the root element; the disco prefix is added only
# with -D.  The flag variable DECLS is overwritten with the declaration text.
140 if [ $DECLS -eq 1 ] ; then
141 DECLS="xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" "
142 if [ $DS -eq 1 ] ; then
143 DECLS="${DECLS}xmlns:disco=\"urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol\" "
150 <md:EntityDescriptor ${DECLS}entityID="${ENTITYID}">
151 <md:SPSSODescriptor protocolSupportEnumeration="${PROTENUM}">
# DiscoveryResponse endpoints (-D), one per host.  Hosts given with -n are
# emitted with http:// Locations (here and for SLO/NIM/ACS below), i.e. the
# IdP will be told to deliver assertions to unencrypted endpoints; that is the
# documented purpose of -n, not an accident, but worth knowing before publishing.
155 if [ $DS -eq 1 ] ; then
165 <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
170 for h in ${NAKEDHOSTS[@]}
173 <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
195 </ds:X509Certificate>
# NameIDFormat elements, one per -f value, inserted unescaped.
202 for f in ${FORMATS[@]}
205 <md:NameIDFormat>$f</md:NameIDFormat>
# SingleLogoutService per host x binding (-L).
210 if [ $LOGOUT -eq 1 ] ; then
215 while [ $count -lt ${#SLO[*]} ]
218 <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
224 for h in ${NAKEDHOSTS[@]}
227 while [ $count -lt ${#SLO[*]} ]
230 <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
# ManageNameIDService per host x binding (-N); shares the SLO binding list.
240 if [ $NAMEIDMGMT -eq 1 ] ; then
245 while [ $count -lt ${#SLO[*]} ]
248 <md:ManageNameIDService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
254 for h in ${NAKEDHOSTS[@]}
257 while [ $count -lt ${#SLO[*]} ]
260 <md:ManageNameIDService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
# AssertionConsumerService per host x binding; index is 1-based and shared
# across the TLS and plain-HTTP host loops.
273 while [ $count -lt ${#ACS[*]} ]
276 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
283 for h in ${NAKEDHOSTS[@]}
286 while [ $count -lt ${#ACS[*]} ]
289 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
297 </md:SPSSODescriptor>
# Optional <md:Organization>: ORGNAME and URL are emitted as raw XML text.
# The branch taken when URL is empty is outside this view.
300 if [ -n "$ORGNAME" ] ; then
301 if [ -z "$URL" ] ; then
306 <md:OrganizationName xml:lang="en">$ORGNAME</md:OrganizationName>
307 <md:OrganizationDisplayName xml:lang="en">$ORGNAME</md:OrganizationDisplayName>
308 <md:OrganizationURL xml:lang="en">$URL</md:OrganizationURL>
# Contacts are given as "Given/Sur/email" and split on "/" by setting IFS.
# IFS is changed here and no reset is visible in this view; if it is not
# restored, later unquoted expansions would split on "/" instead of whitespace
# -- TODO confirm against the full script.  The unquoted ${ADMIN[$i]} is also
# subject to pathname expansion, so a field containing * or ? could be globbed.
314 for (( i=0; i<count; i++ ))
316 IFS="/"; declare -a c=(${ADMIN[$i]})
318 <md:ContactPerson contactType="administrative">
319 <md:GivenName>${c[0]}</md:GivenName>
320 <md:SurName>${c[1]}</md:SurName>
321 <md:EmailAddress>${c[2]}</md:EmailAddress>
# Same splitting for support contacts (-s).
327 for (( i=0; i<count; i++ ))
329 IFS="/"; declare -a c=(${SUP[$i]})
331 <md:ContactPerson contactType="support">
332 <md:GivenName>${c[0]}</md:GivenName>
333 <md:SurName>${c[1]}</md:SurName>
334 <md:EmailAddress>${c[2]}</md:EmailAddress>
# Same splitting for technical contacts (-t).
340 for (( i=0; i<count; i++ ))
342 IFS="/"; declare -a c=(${TECH[$i]})
344 <md:ContactPerson contactType="technical">
345 <md:GivenName>${c[0]}</md:GivenName>
346 <md:SurName>${c[1]}</md:SurName>
347 <md:EmailAddress>${c[2]}</md:EmailAddress>
353 </md:EntityDescriptor>