10 SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
11 SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
12 SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
14 SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
15 SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
16 SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
17 SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
18 SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
19 SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
21 SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
22 SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
24 while getopts a:c:e:h:n:o:s:t:u:12ADLN c
27 c) CERTS[${#CERTS[*]}]=$OPTARG;;
29 h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
30 n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
32 a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
33 s) SUP[${#SUP[*]}]=$OPTARG;;
34 t) TECH[${#TECH[*]}]=$OPTARG;;
42 \?) echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
47 if [ ${#HOSTS[*]} -eq 0 -a ${#NAKEDHOSTS[*]} -eq 0 ] ; then
48 echo metagen -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
52 if [ ${#CERTS[*]} -eq 0 ] ; then
53 CERTS[${#CERTS[*]}]=sp-cert.pem
59 echo Certificate file $c does not exist!
64 if [ -z $ENTITYID ] ; then
65 ENTITYID=https://${HOSTS[0]}/shibboleth
68 # Establish protocols and bindings.
70 if [ $SAML1 -eq 0 -a $SAML2 -eq 0 ] ; then
75 if [ $LOGOUT -eq 1 -o $NAMEIDMGMT -eq 1 ] ; then
77 SLO[${#SLO[*]}]=$SAML20SOAP
78 SLO[${#SLO[*]}]=$SAML20REDIRECT
79 SLO[${#SLO[*]}]=$SAML20POST
80 SLOLOC[${#SLOLOC[*]}]="SOAP"
81 SLOLOC[${#SLOLOC[*]}]="Redirect"
82 SLOLOC[${#SLOLOC[*]}]="POST"
83 if [ $ARTIFACT -eq 1 ] ; then
84 SLO[${#SLO[*]}]=$SAML20ART
85 SLOLOC[${#SLOLOC[*]}]="Artifact"
89 if [ $SAML1 -eq 1 -a $SAML2 -eq 1 ] ; then
90 PROTENUM="$SAML20PROT $SAML11PROT $SAML10PROT"
91 elif [ $SAML1 -eq 1 ] ; then
92 PROTENUM="$SAML11PROT $SAML10PROT"
94 PROTENUM="$SAML20PROT"
97 if [ $SAML2 -eq 1 ] ; then
98 ACS[${#ACS[*]}]=$SAML20POST
99 ACSLOC[${#ACSLOC[*]}]="SAML2/POST"
100 ACS[${#ACS[*]}]=$SAML20POSTSS
101 ACSLOC[${#ACSLOC[*]}]="SAML2/POST-SimpleSign"
102 if [ $ARTIFACT -eq 1 ] ; then
103 ACS[${#ACS[*]}]=$SAML20ART
104 ACSLOC[${#ACSLOC[*]}]="SAML2/Artifact"
106 ACS[${#ACS[*]}]=$SAML20PAOS
107 ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
110 if [ $SAML1 -eq 1 ] ; then
111 ACS[${#ACS[*]}]=$SAML1POST
112 ACSLOC[${#ACSLOC[*]}]="SAML/POST"
113 if [ $ARTIFACT -eq 1 ] ; then
114 ACS[${#ACS[*]}]=$SAML1ART
115 ACSLOC[${#ACSLOC[*]}]="SAML/Artifact"
119 if [ $SAML2 -eq 1 ] ; then
120 ACS[${#ACS[*]}]=$SAML20PAOS
121 ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
125 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="${ENTITYID}">
126 <md:SPSSODescriptor protocolSupportEnumeration="${PROTENUM}">
130 if [ $DS -eq 1 ] ; then
140 <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
145 for h in ${NAKEDHOSTS[@]}
148 <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
170 </ds:X509Certificate>
178 if [ $LOGOUT -eq 1 ] ; then
183 while [ $count -lt ${#SLO[*]} ]
186 <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
192 for h in ${NAKEDHOSTS[@]}
195 while [ $count -lt ${#SLO[*]} ]
198 <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
208 if [ $NAMEIDMGMT -eq 1 ] ; then
213 while [ $count -lt ${#SLO[*]} ]
216 <md:ManageNameIDService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
222 for h in ${NAKEDHOSTS[@]}
225 while [ $count -lt ${#SLO[*]} ]
228 <md:ManageNameIDService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
241 while [ $count -lt ${#ACS[*]} ]
244 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
251 for h in ${NAKEDHOSTS[@]}
254 while [ $count -lt ${#ACS[*]} ]
257 <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
265 </md:SPSSODescriptor>
268 if [ -n "$ORGNAME" ] ; then
269 if [ -z "$URL" ] ; then
274 <md:OrganizationName xml:lang="en">$ORGNAME</md:OrganizationName>
275 <md:OrganizationDisplayName xml:lang="en">$ORGNAME</md:OrganizationDisplayName>
276 <md:OrganizationURL xml:lang="en">$URL</md:OrganizationURL>
285 <md:ContactPerson contactType="administrative">
286 <md:GivenName>${c[0]}</md:GivenName>
287 <md:SurName>${c[1]}</md:SurName>
288 <md:EmailAddress>${c[2]}</md:EmailAddress>
297 <md:ContactPerson contactType="support">
298 <md:GivenName>${c[0]}</md:GivenName>
299 <md:SurName>${c[1]}</md:SurName>
300 <md:EmailAddress>${c[2]}</md:EmailAddress>
309 <md:ContactPerson contactType="technical">
310 <md:GivenName>${c[0]}</md:GivenName>
311 <md:SurName>${c[1]}</md:SurName>
312 <md:EmailAddress>${c[2]}</md:EmailAddress>
318 </md:EntityDescriptor>