# metagen: builds SAML metadata for a Shibboleth SP (endpoints under
# /Shibboleth.sso) from command-line options.
#
# This excerpt is non-contiguous (the original line numbers are kept at the
# start of each line): the case/esac, do/done, fi and `cat <<EOF` ... EOF
# lines are missing, so the XML lines below are presumably the bodies of
# variable-expanding here-documents. Shell comments must not be placed
# among them, since they would be written into the generated output.
#
# NOTE(review): every value expanded into the XML (entityID, host names,
# ORGNAME, URL, contact fields) is inserted verbatim with no XML escaping;
# an argument containing `&`, `<` or `"` produces malformed or restructured
# metadata. Validate the generated document (e.g. against the SAML metadata
# schema) before publishing it or importing it into a federation.

# SAML protocol namespace URIs; joined into protocolSupportEnumeration below.
10 SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
11 SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
12 SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
# SAML 2.0 binding URIs used for the SingleLogoutService, ManageNameIDService
# and AssertionConsumerService endpoints.
14 SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
15 SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
16 SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
17 SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
18 SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
19 SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
# SAML 1.x browser profile URIs (used as the ACS Binding for SAML 1).
21 SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
22 SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
# Option parsing. Repeatable options append to bash arrays (the index used is
# the array's current length). The -e, -o and -u options and the -1/-2/-A/-D/
# -L/-N flags are handled in lines not shown; the flags presumably set SAML1,
# SAML2, ARTIFACT, DS, LOGOUT and NAMEIDMGMT, which are tested below -- confirm.
24 while getopts a:c:e:f:h:n:o:s:t:u:12ADLN c
# -c: certificate file(s) whose contents end up in ds:X509Certificate elements;
# -f: NameIDFormat(s); -h: https hosts; -n: plain-http ("naked") hosts.
27 c) CERTS[${#CERTS[*]}]=$OPTARG;;
29 f) FORMATS[${#FORMATS[*]}]=$OPTARG;;
30 h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
31 n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
# -a/-s/-t: administrative, support and technical contacts.
33 a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
34 s) SUP[${#SUP[*]}]=$OPTARG;;
35 t) TECH[${#TECH[*]}]=$OPTARG;;
# Usage message for an unrecognised option.
43 \?) echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
# At least one host (-h or -n) is required.
48 if [ ${#HOSTS[*]} -eq 0 -a ${#NAKEDHOSTS[*]} -eq 0 ] ; then
49 echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
# Default certificate when no -c was given; each file is then checked for
# existence (the loop itself is not shown).
53 if [ ${#CERTS[*]} -eq 0 ] ; then
54 CERTS[${#CERTS[*]}]=sp-cert.pem
# NOTE(review): $c is unquoted; a path containing whitespace is word-split in
# this message.
60 echo Certificate file $c does not exist!
# Default entityID is derived from the first -h host.
# NOTE(review): $ENTITYID is unquoted inside [ ]; a value with whitespace breaks
# the test (compare the quoted "$ORGNAME"/"$URL" tests further down). When only
# -n hosts are given, HOSTS[0] is empty and this yields https:///shibboleth --
# confirm whether lines not shown handle that case.
65 if [ -z $ENTITYID ] ; then
66 ENTITYID=https://${HOSTS[0]}/shibboleth
69 # Establish protocols and bindings.
# Presumably defaults to SAML 2 when neither -1 nor -2 was given (body not shown).
71 if [ $SAML1 -eq 0 -a $SAML2 -eq 0 ] ; then
# Logout and NameID management share one binding list: SOAP, Redirect and POST,
# plus Artifact when -A was given. SLO[i] pairs with SLOLOC[i], the URL path
# suffix used for that binding.
76 if [ $LOGOUT -eq 1 -o $NAMEIDMGMT -eq 1 ] ; then
78 SLO[${#SLO[*]}]=$SAML20SOAP
79 SLO[${#SLO[*]}]=$SAML20REDIRECT
80 SLO[${#SLO[*]}]=$SAML20POST
81 SLOLOC[${#SLOLOC[*]}]="SOAP"
82 SLOLOC[${#SLOLOC[*]}]="Redirect"
83 SLOLOC[${#SLOLOC[*]}]="POST"
84 if [ $ARTIFACT -eq 1 ] ; then
85 SLO[${#SLO[*]}]=$SAML20ART
86 SLOLOC[${#SLOLOC[*]}]="Artifact"
# protocolSupportEnumeration lists SAML 2.0 first, then SAML 1.1 and 1.0.
90 if [ $SAML1 -eq 1 -a $SAML2 -eq 1 ] ; then
91 PROTENUM="$SAML20PROT $SAML11PROT $SAML10PROT"
92 elif [ $SAML1 -eq 1 ] ; then
93 PROTENUM="$SAML11PROT $SAML10PROT"
95 PROTENUM="$SAML20PROT"
# AssertionConsumerService list: ACS[i] pairs with ACSLOC[i]. The position in
# this list drives the index attribute emitted below, so the order matters.
98 if [ $SAML2 -eq 1 ] ; then
99 ACS[${#ACS[*]}]=$SAML20POST
100 ACSLOC[${#ACSLOC[*]}]="SAML2/POST"
101 ACS[${#ACS[*]}]=$SAML20POSTSS
102 ACSLOC[${#ACSLOC[*]}]="SAML2/POST-SimpleSign"
103 if [ $ARTIFACT -eq 1 ] ; then
104 ACS[${#ACS[*]}]=$SAML20ART
105 ACSLOC[${#ACSLOC[*]}]="SAML2/Artifact"
# NOTE(review): the PAOS/ECP endpoint is appended here and again after the
# SAML 1 section; presumably the two are in mutually exclusive branches (lines
# not shown) so that ECP always comes last -- confirm against the full script.
107 ACS[${#ACS[*]}]=$SAML20PAOS
108 ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
# SAML 1 browser profiles: POST, plus Artifact when -A was given.
111 if [ $SAML1 -eq 1 ] ; then
112 ACS[${#ACS[*]}]=$SAML1POST
113 ACSLOC[${#ACSLOC[*]}]="SAML/POST"
114 if [ $ARTIFACT -eq 1 ] ; then
115 ACS[${#ACS[*]}]=$SAML1ART
116 ACSLOC[${#ACSLOC[*]}]="SAML/Artifact"
120 if [ $SAML2 -eq 1 ] ; then
121 ACS[${#ACS[*]}]=$SAML20PAOS
122 ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
126 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="${ENTITYID}">
127 <md:SPSSODescriptor protocolSupportEnumeration="${PROTENUM}">
# -D: advertise one IdP discovery response endpoint per host; the index value
# comes from a counter maintained in lines not shown.
131 if [ $DS -eq 1 ] ; then
141 <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
# NOTE(review): -n hosts are emitted with plain http:// Locations here and for
# the SLO, NIM and ACS endpoints below. SAML messages and artifacts delivered to
# those endpoints travel unencrypted; keep them out of production metadata
# unless there is a specific need for them.
146 for h in ${NAKEDHOSTS[@]}
149 <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
171 </ds:X509Certificate>
# One NameIDFormat element per -f value.
178 for f in ${FORMATS[@]}
181 <md:NameIDFormat>$f</md:NameIDFormat>
# -L: SingleLogoutService endpoints, one per binding per host (https hosts
# first, then http hosts). The count reset/increment lines are not shown.
186 if [ $LOGOUT -eq 1 ] ; then
191 while [ $count -lt ${#SLO[*]} ]
194 <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
200 for h in ${NAKEDHOSTS[@]}
203 while [ $count -lt ${#SLO[*]} ]
206 <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
# -N: ManageNameIDService endpoints, same binding list and loop shape as SLO.
216 if [ $NAMEIDMGMT -eq 1 ] ; then
221 while [ $count -lt ${#SLO[*]} ]
224 <md:ManageNameIDService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
230 for h in ${NAKEDHOSTS[@]}
233 while [ $count -lt ${#SLO[*]} ]
236 <md:ManageNameIDService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
# AssertionConsumerService endpoints. index="$((index+1))" inside the
# here-document only evaluates the expression; the increments of index and
# count must happen in lines not shown, presumably after each element, so that
# index values stay unique across all hosts -- confirm.
249 while [ $count -lt ${#ACS[*]} ]
252 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
259 for h in ${NAKEDHOSTS[@]}
262 while [ $count -lt ${#ACS[*]} ]
265 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
273 </md:SPSSODescriptor>
# Optional Organization block (-o); the URL default applied when -u is absent
# is in lines not shown. The ContactPerson blocks that follow expand c[0..2]
# as given name, surname and e-mail; c is presumably each -a/-s/-t argument
# split into an array (the split is not shown) -- confirm the expected
# separator before relying on it.
276 if [ -n "$ORGNAME" ] ; then
277 if [ -z "$URL" ] ; then
282 <md:OrganizationName xml:lang="en">$ORGNAME</md:OrganizationName>
283 <md:OrganizationDisplayName xml:lang="en">$ORGNAME</md:OrganizationDisplayName>
284 <md:OrganizationURL xml:lang="en">$URL</md:OrganizationURL>
293 <md:ContactPerson contactType="administrative">
294 <md:GivenName>${c[0]}</md:GivenName>
295 <md:SurName>${c[1]}</md:SurName>
296 <md:EmailAddress>${c[2]}</md:EmailAddress>
305 <md:ContactPerson contactType="support">
306 <md:GivenName>${c[0]}</md:GivenName>
307 <md:SurName>${c[1]}</md:SurName>
308 <md:EmailAddress>${c[2]}</md:EmailAddress>
317 <md:ContactPerson contactType="technical">
318 <md:GivenName>${c[0]}</md:GivenName>
319 <md:SurName>${c[1]}</md:SurName>
320 <md:EmailAddress>${c[2]}</md:EmailAddress>
326 </md:EntityDescriptor>