projects / shibboleth / cpp-sp.git / blob
? search:


5178473bdc962602e93e914d83359cbcf69ef887
[shibboleth/cpp-sp.git] / configs / metagen.sh
1 #! /bin/sh
2
3 SAML1=0
4 SAML2=0
5 ARTIFACT=0
6 DS=0
7 LOGOUT=0
8 NAMEIDMGMT=0
9
10 SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
11 SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
12 SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
13
14 SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
15 SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
16 SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
17 SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
18 SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
19 SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
20
21 SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
22 SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
23
24 while getopts a:c:e:h:n:o:s:t:u:12ADLN c
25      do
26          case $c in
27            c)   CERTS[${#CERTS[*]}]=$OPTARG;;
28            e)   ENTITYID=$OPTARG;;
29            h)   HOSTS[${#HOSTS[*]}]=$OPTARG;;
30            n)   NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
31            o)   ORGNAME=$OPTARG;;
32            a)   ADMIN[${#ADMIN[*]}]=$OPTARG;;
33            s)   SUP[${#SUP[*]}]=$OPTARG;;
34            t)   TECH[${#TECH[*]}]=$OPTARG;;
35            u)   URL=$OPTARG;;
36            1)   SAML1=1;;
37            2)   SAML2=1;;
38            A)   ARTIFACT=1;;
39            D)   DS=1;;
40            L)   LOGOUT=1;;
41            N)   NAMEIDMGMT=1;;
42            \?)  echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
43                 exit 1;;
44          esac
45      done
46
47 if [ ${#HOSTS[*]} -eq 0 -a ${#NAKEDHOSTS[*]} -eq 0 ] ; then
48     echo metagen -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
49     exit 1
50 fi
51
52 if [ ${#CERTS[*]} -eq 0 ] ; then
53     CERTS[${#CERTS[*]}]=sp-cert.pem
54 fi
55
56 for c in ${CERTS[@]}
57 do
58     if  [ ! -s $c ] ; then
59         echo Certificate file $c does not exist! 
60         exit 2
61     fi
62 done
63
64 if [ -z $ENTITYID ] ; then
65     ENTITYID=https://${HOSTS[0]}/shibboleth
66 fi
67
68 # Establish protocols and bindings.
69
70 if [ $SAML1 -eq 0 -a $SAML2 -eq 0 ] ; then
71     SAML1=1
72     SAML2=1
73 fi
74
75 if [ $LOGOUT -eq 1 -o $NAMEIDMGMT -eq 1 ] ; then
76     SAML2=1
77     SLO[${#SLO[*]}]=$SAML20SOAP
78     SLO[${#SLO[*]}]=$SAML20REDIRECT
79     SLO[${#SLO[*]}]=$SAML20POST
80     SLOLOC[${#SLOLOC[*]}]="SOAP"
81     SLOLOC[${#SLOLOC[*]}]="Redirect"
82     SLOLOC[${#SLOLOC[*]}]="POST"
83     if [ $ARTIFACT -eq 1 ] ; then
84         SLO[${#SLO[*]}]=$SAML20ART
85         SLOLOC[${#SLOLOC[*]}]="Artifact"
86     fi
87 fi
88
89 if [ $SAML1 -eq 1 -a $SAML2 -eq 1 ] ; then
90     PROTENUM="$SAML20PROT $SAML11PROT $SAML10PROT"
91 elif [ $SAML1 -eq 1 ] ; then
92     PROTENUM="$SAML11PROT $SAML10PROT"
93 else
94     PROTENUM="$SAML20PROT"
95 fi
96
97 if [ $SAML2 -eq 1 ] ; then
98     ACS[${#ACS[*]}]=$SAML20POST
99     ACSLOC[${#ACSLOC[*]}]="SAML2/POST"
100     ACS[${#ACS[*]}]=$SAML20POSTSS
101     ACSLOC[${#ACSLOC[*]}]="SAML2/POST-SimpleSign"
102     if [ $ARTIFACT -eq 1 ] ; then
103         ACS[${#ACS[*]}]=$SAML20ART
104         ACSLOC[${#ACSLOC[*]}]="SAML2/Artifact"
105     fi
106     ACS[${#ACS[*]}]=$SAML20PAOS
107     ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
108 fi
109
110 if [ $SAML1 -eq 1 ] ; then
111     ACS[${#ACS[*]}]=$SAML1POST
112     ACSLOC[${#ACSLOC[*]}]="SAML/POST"
113     if [ $ARTIFACT -eq 1 ] ; then
114         ACS[${#ACS[*]}]=$SAML1ART
115         ACSLOC[${#ACSLOC[*]}]="SAML/Artifact"
116     fi
117 fi
118
119 if [ $SAML2 -eq 1 ] ; then
120     ACS[${#ACS[*]}]=$SAML20PAOS
121     ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
122 fi
123
124 cat <<EOF
125 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="${ENTITYID}">
126   <md:SPSSODescriptor protocolSupportEnumeration="${PROTENUM}">
127 EOF
128
129 # Discovery BEGIN
130 if [ $DS -eq 1 ] ; then
131
132 cat << EOF
133     <md:Extensions>
134 EOF
135
136 count=1
137 for h in ${HOSTS[@]}
138 do
139   cat << EOF
140       <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
141 EOF
142   let "count++"
143 done
144
145 for h in ${NAKEDHOSTS[@]}
146 do
147   cat << EOF
148       <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
149 EOF
150   let "count++"
151 done
152
153 cat << EOF
154     </md:Extensions>
155 EOF
156
157 fi
158 # Discovery END
159
160 for c in ${CERTS[@]}
161 do
162 cat << EOF
163     <md:KeyDescriptor>
164       <ds:KeyInfo>
165         <ds:X509Data>
166           <ds:X509Certificate>
167 EOF
168 grep -v ^- $c
169 cat << EOF
170           </ds:X509Certificate>
171         </ds:X509Data>
172       </ds:KeyInfo>
173     </md:KeyDescriptor>
174 EOF
175 done
176
177 # Logout BEGIN
178 if [ $LOGOUT -eq 1 ] ; then
179
180 for h in ${HOSTS[@]}
181 do
182   count=0
183   while [ $count -lt ${#SLO[*]} ]
184   do
185     cat <<EOF
186     <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
187 EOF
188     let "count++"
189   done
190 done
191
192 for h in ${NAKEDHOSTS[@]}
193 do
194   count=0
195   while [ $count -lt ${#SLO[*]} ]
196   do
197     cat <<EOF
198     <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
199 EOF
200     let "count++"
201   done
202 done
203
204 fi
205 # Logout END
206
207 # NameID Mgmt BEGIN
208 if [ $NAMEIDMGMT -eq 1 ] ; then
209
210 for h in ${HOSTS[@]}
211 do
212   count=0
213   while [ $count -lt ${#SLO[*]} ]
214   do
215     cat <<EOF
216     <md:ManageNameIDService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
217 EOF
218     let "count++"
219   done
220 done
221
222 for h in ${NAKEDHOSTS[@]}
223 do
224   count=0
225   while [ $count -lt ${#SLO[*]} ]
226   do
227     cat <<EOF
228     <md:ManageNameIDService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
229 EOF
230     let "count++"
231   done
232 done
233
234 fi
235 # NameID Mgmt END
236
237 index=0
238 for h in ${HOSTS[@]}
239 do
240   count=0
241   while [ $count -lt ${#ACS[*]} ]
242   do
243     cat <<EOF
244     <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
245 EOF
246     let "count++"
247     let "index++"
248   done
249 done
250
251 for h in ${NAKEDHOSTS[@]}
252 do
253   count=0
254   while [ $count -lt ${#ACS[*]} ]
255   do
256     cat <<EOF
257     <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
258 EOF
259     let "count++"
260     let "index++"
261   done
262 done
263
264 cat <<EOF 
265   </md:SPSSODescriptor>
266 EOF
267
268 if [ -n "$ORGNAME" ] ; then
269   if [ -z "$URL" ] ; then
270     URL=$ENTITYID
271   fi
272   cat <<EOF
273   <md:Organization>
274     <md:OrganizationName xml:lang="en">$ORGNAME</md:OrganizationName>
275     <md:OrganizationDisplayName xml:lang="en">$ORGNAME</md:OrganizationDisplayName>
276     <md:OrganizationURL xml:lang="en">$URL</md:OrganizationURL>
277   </md:Organization>
278 EOF
279 fi
280
281 for c in ${ADMIN[@]}
282 do
283   c=(${c//\// })
284   cat <<EOF
285   <md:ContactPerson contactType="administrative">
286     <md:GivenName>${c[0]}</md:GivenName>
287     <md:SurName>${c[1]}</md:SurName>
288     <md:EmailAddress>${c[2]}</md:EmailAddress>
289   </md:ContactPerson>
290 EOF
291 done
292
293 for c in ${SUP[@]}
294 do
295   c=(${c//\// })
296   cat <<EOF
297   <md:ContactPerson contactType="support">
298     <md:GivenName>${c[0]}</md:GivenName>
299     <md:SurName>${c[1]}</md:SurName>
300     <md:EmailAddress>${c[2]}</md:EmailAddress>
301   </md:ContactPerson>
302 EOF
303 done
304
305 for c in ${TECH[@]}
306 do
307   c=(${c//\// })
308   cat <<EOF
309   <md:ContactPerson contactType="technical">
310     <md:GivenName>${c[0]}</md:GivenName>
311     <md:SurName>${c[1]}</md:SurName>
312     <md:EmailAddress>${c[2]}</md:EmailAddress>
313   </md:ContactPerson>
314 EOF
315 done
316
317 cat <<EOF 
318 </md:EntityDescriptor>
319 EOF
Unnamed repository; edit this file 'description' to name the repository.