#! /bin/sh
- # Added for Debian. The upstream version is installed in /etc/shibboleth and
- # for Debian we wanted to move it to /usr/bin, so change directories so that
- # it puts files in the correct location.
- cd /etc/shibboleth
++# Defaults added for Debian. They can still be overridden by command-line
++# options.
++OUT=/etc/shibboleth
++GROUP=_shibd
+
- while getopts h:e:y:bf c
+ while getopts h:u:g:o:e:y:bf c
do
case $c in
+ u) USER=$OPTARG;;
+ g) GROUP=$OPTARG;;
+ o) OUT=$OPTARG;;
b) BATCH=1;;
f) FORCE=1;;
h) FQDN=$OPTARG;;
-#! /bin/sh
+#! /bin/bash
- while getopts a:c:e:h:n:o:s:t: c
+ DECLS=1
+
+ SAML1=0
+ SAML2=0
+ ARTIFACT=0
+ DS=0
+ LOGOUT=0
+ NAMEIDMGMT=0
+
+ SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
+ SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
+ SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
+
+ SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
+ SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+
+ SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+ SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+
+ while getopts a:c:e:f:h:n:o:s:t:u:12ADLNO c
do
case $c in
- c) CERTS[${#CERTS[*]}]=$OPTARG;;
- e) ENTITYID=$OPTARG;;
- h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
- n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
- o) ORGNAME=$OPTARG;;
- a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
- s) SUP[${#SUP[*]}]=$OPTARG;;
- t) TECH[${#TECH[*]}]=$OPTARG;;
- \?) echo metagen -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
- exit 1;;
+ c) CERTS[${#CERTS[*]}]=$OPTARG;;
+ e) ENTITYID=$OPTARG;;
+ f) FORMATS[${#FORMATS[*]}]=$OPTARG;;
+ h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
+ n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
+ o) ORGNAME=$OPTARG;;
+ a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
+ s) SUP[${#SUP[*]}]=$OPTARG;;
+ t) TECH[${#TECH[*]}]=$OPTARG;;
+ u) URL=$OPTARG;;
+ 1) SAML1=1;;
+ 2) SAML2=1;;
+ A) ARTIFACT=1;;
+ D) DS=1;;
+ L) LOGOUT=1;;
+ N) NAMEIDMGMT=1;;
+ O) DECLS=0;;
+ \?) echo metagen [-12ADLNO] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
+ exit 1;;
esac
done
# define the appender
-log4j.appender.native_log=org.apache.log4j.RollingFileAppender
-log4j.appender.native_log.fileName=@-SHIRELOGDIR-@/native.log
-log4j.appender.native_log.maxFileSize=1000000
-log4j.appender.native_log.maxBackupIndex=10
-log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.native_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+# This is the default, but it's essentially useless under normal
+# circumstances since Apache doesn't have access to write to that
+# directory.
+#log4j.appender.native_log=org.apache.log4j.RollingFileAppender
+#log4j.appender.native_log.fileName=@-SHIRELOGDIR-@/native.log
+#log4j.appender.native_log.maxFileSize=1000000
+#log4j.appender.native_log.maxBackupIndex=10
- ##log4j.appender.native_log.layout=org.apache.log4j.BasicLayout
+#log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
+#log4j.appender.native_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
++#log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
++#log4j.appender.warn_log.fileName=@-SHIRELOGDIR-@/native_warn.log
++#log4j.appender.warn_log.maxFileSize=1000000
++#log4j.appender.warn_log.maxBackupIndex=10
++#log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
++#log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
++#log4j.appender.warn_log.threshold=WARN
-log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
-log4j.appender.warn_log.fileName=@-SHIRELOGDIR-@/native_warn.log
-log4j.appender.warn_log.maxFileSize=1000000
-log4j.appender.warn_log.maxBackupIndex=10
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
+# Use syslog instead, since then at least the messages will go somewhere.
+# That facility is (3 << 3) or LOG_DAEMON, since log4cpp apparently
+# doesn't recognize symbolic log facilities.
+#
+# This is a Debian-specific change.
+log4j.appender.native_log=org.apache.log4j.LocalSyslogAppender
+log4j.appender.native_log.syslogName=shibboleth-sp
+log4j.appender.native_log.facility=24
+log4j.appender.native_log.layout=org.apache.log4j.BasicLayout
shibboleth-2.0-afp.xsd \
shibboleth-2.0-afp-mf-basic.xsd \
shibboleth-2.0-afp-mf-saml.xsd \
-- shibboleth-2.0-attribute-map.xsd \
- shibboleth-2.0-sp-notify.xsd
- WS-Trust.xsd
++ shibboleth-2.0-attribute-map.xsd
pkgxml_DATA = \
catalog.xml \
<system systemId="urn:mace:shibboleth:2.0:afp:mf:basic" uri="@-PKGXMLDIR-@/shibboleth-2.0-afp-mf-basic.xsd"/>
<system systemId="urn:mace:shibboleth:2.0:afp:mf:saml" uri="@-PKGXMLDIR-@/shibboleth-2.0-afp-mf-saml.xsd"/>
<system systemId="urn:mace:shibboleth:2.0:attribute-map" uri="@-PKGXMLDIR-@/shibboleth-2.0-attribute-map.xsd"/>
- <system systemId="urn:mace:shibboleth:2.0:sp:notify" uri="@-PKGXMLDIR-@/shibboleth-2.0-sp-notify.xsd"/>
<system systemId="urn:mace:shibboleth:1.0" uri="@-PKGXMLDIR-@/shibboleth.xsd"/>
+ <!-- WS-Trust.xsd has been removed from the Debian package because of license problems
<system systemId="http://schemas.xmlsoap.org/ws/2005/02/trust" uri="@-PKGXMLDIR-@/WS-Trust.xsd"/>
+ -->
</catalog>