[shibboleth-sp2] 89/89: Port back some enhancements to metagen script
Ferenc Wágner
wferi at moszumanska.debian.org
Thu Sep 1 09:24:14 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository shibboleth-sp2.
commit 403a0cf6748fe0da2e4a1e2b58a807d0dcfda28d
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Wed Aug 17 11:49:19 2016 -0400
Port back some enhancements to metagen script
---
configs/metagen.sh | 220 ++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 152 insertions(+), 68 deletions(-)
diff --git a/configs/metagen.sh b/configs/metagen.sh
index d616b1f..d21f8ba 100755
--- a/configs/metagen.sh
+++ b/configs/metagen.sh
@@ -2,10 +2,13 @@
DECLS=1
+TYPE="SHIB"
+
SAML1=0
SAML2=0
ARTIFACT=0
DS=0
+MDUI=0
LOGOUT=0
NAMEIDMGMT=0
@@ -23,7 +26,7 @@ SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
-while getopts a:c:e:f:h:l:n:o:s:t:u:12ADLNO c
+while getopts a:c:e:f:h:l:n:o:s:t:u:y:d:T:12ADLNOU c
do
case $c in
c) CERTS[${#CERTS[*]}]=$OPTARG;;
@@ -37,6 +40,8 @@ while getopts a:c:e:f:h:l:n:o:s:t:u:12ADLNO c
s) SUP[${#SUP[*]}]=$OPTARG;;
t) TECH[${#TECH[*]}]=$OPTARG;;
u) URL=$OPTARG;;
+ y) DISPLAYNAME=$OPTARG;;
+ d) DESC=$OPTARG;;
1) SAML1=1;;
2) SAML2=1;;
A) ARTIFACT=1;;
@@ -44,11 +49,25 @@ while getopts a:c:e:f:h:l:n:o:s:t:u:12ADLNO c
L) LOGOUT=1;;
N) NAMEIDMGMT=1;;
O) DECLS=0;;
- \?) echo metagen [-12ADLNO] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
+ T) TYPE=$OPTARG;;
+ U) MDUI=1;;
+ \?) echo metagen [-12ADLNOU] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
exit 1;;
esac
done
+if [ ! -z $HOSTLIST ] ; then
+ if [ -s $HOSTLIST ] ; then
+ while read h
+ do
+ HOSTS[${#HOSTS[@]}]=$h
+ done <$HOSTLIST
+ else
+ echo File with list of hostnames $l does not exist!
+ exit 2
+ fi
+fi
+
if [ ${#HOSTS[*]} -eq 0 -a ${#NAKEDHOSTS[*]} -eq 0 ] ; then
echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
exit 1
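Review bot: The error message in the relocated HOSTLIST block expands `$l`, a variable that is never assigned anywhere in the script, so the file name is printed as a blank; it should read `echo "File with list of hostnames $HOSTLIST does not exist!" >&2`. The usage string printed when no hosts are given still advertises `[-12ADLN]` while the getopts usage above now says `[-12ADLNOU]`, and neither mentions the new `-y`, `-d` and `-T` options. `while read h` lacks `-r` and `$HOSTLIST` is unquoted in both tests, so a path containing spaces breaks the `[ -s ... ]` check; `while IFS= read -r h` and `"$HOSTLIST"` are the usual fixes. Hostnames read from the file are placed verbatim into `Location` URLs later in the script, so a line that is not a bare hostname yields broken metadata; a sanity check rejecting lines containing `/`, whitespace or `&` would be worth adding here.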
@@ -66,23 +85,21 @@ do
fi
done
-if [ -z $ENTITYID ] ; then
- if [ ${#HOSTS[*]} -eq 0 ] ; then
- ENTITYID=https://${NAKEDHOSTS[0]}/shibboleth
- else
- ENTITYID=https://${HOSTS[0]}/shibboleth
- fi
+if [ $TYPE == "SHIB" ] ; then
+ EIDSUFFIX=shibboleth
+elif [ $TYPE == "SSP" ] ; then
+ EIDSUFFIX=simplesaml
+else
+ echo "Unknown type: $TYPE \(SHIB and SSP are supported\)"
+ exit 3
fi
-if [ ! -z $HOSTLIST ] ; then
- if [ -s $HOSTLIST ] ; then
- while read h
- do
- HOSTS[${#HOSTS[@]}]=$h
- done <$HOSTLIST
+
+if [ -z $ENTITYID ] ; then
+ if [ ${#HOSTS[*]} -eq 0 ] ; then
+ ENTITYID=https://${NAKEDHOSTS[0]}/$EIDSUFFIX
else
- echo File with list of hostnames $l does not exist!
- exit 2
+ ENTITYID=https://${HOSTS[0]}/$EIDSUFFIX
fi
fi
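Review bot: The backslashes in `echo "Unknown type: $TYPE \(SHIB and SSP are supported\)"` are inside double quotes, so `echo` prints them literally; parentheses need no escaping there and the diagnostic belongs on stderr: `echo "Unknown type: $TYPE (SHIB and SSP are supported)" >&2`. `$TYPE` and `$ENTITYID` are unquoted in the `[ ... ]` tests, so `-T ''` or an empty entityID makes `test` report "unary operator expected" instead of falling through cleanly; `"$TYPE"` and `"$ENTITYID"` fix that. The `-T` value is compared case-sensitively, so `-T shib` is rejected; either document that in the usage line or normalize with `TYPE=${TYPE^^}` before the comparison.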
@@ -93,17 +110,38 @@ if [ $SAML1 -eq 0 -a $SAML2 -eq 0 ] ; then
SAML2=1
fi
-if [ $LOGOUT -eq 1 -o $NAMEIDMGMT -eq 1 ] ; then
+if [ $LOGOUT -eq 1 ] ; then
SAML2=1
- SLO[${#SLO[*]}]=$SAML20SOAP
- SLO[${#SLO[*]}]=$SAML20REDIRECT
- SLO[${#SLO[*]}]=$SAML20POST
- SLOLOC[${#SLOLOC[*]}]="SOAP"
- SLOLOC[${#SLOLOC[*]}]="Redirect"
- SLOLOC[${#SLOLOC[*]}]="POST"
- if [ $ARTIFACT -eq 1 ] ; then
+ if [ $TYPE == "SHIB" ] ; then
+ SLO[${#SLO[*]}]=$SAML20SOAP
+ SLO[${#SLO[*]}]=$SAML20REDIRECT
+ SLO[${#SLO[*]}]=$SAML20POST
+ SLOLOC[${#SLOLOC[*]}]="Shibboleth.sso/SLO/SOAP"
+ SLOLOC[${#SLOLOC[*]}]="Shibboleth.sso/SLO/Redirect"
+ SLOLOC[${#SLOLOC[*]}]="Shibboleth.sso/SLO/POST"
+ elif [ $TYPE == "SSP" ] ; then
+ SLO[${#SLO[*]}]=$SAML20SOAP
+ SLO[${#SLO[*]}]=$SAML20REDIRECT
+ SLOLOC[${#SLOLOC[*]}]="simplesaml/module.php/saml/sp/saml2-logout.php/default-sp"
+ SLOLOC[${#SLOLOC[*]}]="simplesaml/module.php/saml/sp/saml2-logout.php/default-sp"
+ fi
+ if [ $ARTIFACT -eq 1 -a $TYPE == "SHIB" ] ; then
SLO[${#SLO[*]}]=$SAML20ART
- SLOLOC[${#SLOLOC[*]}]="Artifact"
+ SLOLOC[${#SLOLOC[*]}]="Shibboleth.sso/SLO/Artifact"
+ fi
+fi
+
+if [ $NAMEIDMGMT -eq 1 -a $TYPE == "SHIB" ] ; then
+ SAML2=1
+ NIM[${#NIM[*]}]=$SAML20SOAP
+ NIM[${#NIM[*]}]=$SAML20REDIRECT
+ NIM[${#NIM[*]}]=$SAML20POST
+ NIMLOC[${#NIMLOC[*]}]="Shibboleth.sso/NIM/SOAP"
+ NIMLOC[${#NIMLOC[*]}]="Shibboleth.sso/NIM/Redirect"
+ NIMLOC[${#NIMLOC[*]}]="Shibboleth.sso/NIM/POST"
+ if [ $ARTIFACT -eq 1 -a $TYPE == "SHIB" ] ; then
+ NIM[${#NIM[*]}]=$SAML20ART
+ NIMLOC[${#NIMLOC[*]}]="Shibboleth.sso/NIM/Artifact"
fi
fi
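Review bot: The inner check `if [ $ARTIFACT -eq 1 -a $TYPE == "SHIB" ]` inside the NameID-management block repeats the `$TYPE == "SHIB"` condition already established by its enclosing `if`, so it can be reduced to `if [ $ARTIFACT -eq 1 ]` as the SHIB branch of the SLO block does. In the SSP branch both the SOAP and the Redirect `SingleLogoutService` entries point at the same `saml2-logout.php/default-sp` URL; if that endpoint dispatches on the binding this is fine, but a comment such as `# simpleSAMLphp serves SOAP and Redirect logout from one URL` would spare the next reader the doubt. `$TYPE` is unquoted in every `[ ... ]` comparison in this hunk, which makes `test` fail with "unary operator expected" if the variable were empty; `"$TYPE"` (or `[[ ]]`) is safer.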
@@ -116,24 +154,42 @@ else
fi
if [ $SAML2 -eq 1 ] ; then
- ACS[${#ACS[*]}]=$SAML20POST
- ACSLOC[${#ACSLOC[*]}]="SAML2/POST"
- ACS[${#ACS[*]}]=$SAML20POSTSS
- ACSLOC[${#ACSLOC[*]}]="SAML2/POST-SimpleSign"
- if [ $ARTIFACT -eq 1 ] ; then
- ACS[${#ACS[*]}]=$SAML20ART
- ACSLOC[${#ACSLOC[*]}]="SAML2/Artifact"
+ if [ $TYPE == "SHIB" ] ; then
+ ACS[${#ACS[*]}]=$SAML20POST
+ ACSLOC[${#ACSLOC[*]}]="Shibboleth.sso/SAML2/POST"
+ ACS[${#ACS[*]}]=$SAML20POSTSS
+ ACSLOC[${#ACSLOC[*]}]="Shibboleth.sso/SAML2/POST-SimpleSign"
+ if [ $ARTIFACT -eq 1 ] ; then
+ ACS[${#ACS[*]}]=$SAML20ART
+ ACSLOC[${#ACSLOC[*]}]="Shibboleth.sso/SAML2/Artifact"
+ fi
+ ACS[${#ACS[*]}]=$SAML20PAOS
+ ACSLOC[${#ACSLOC[*]}]="Shibboleth.sso/SAML2/ECP"
+ elif [ $TYPE == "SSP" ] ; then
+ ACS[${#ACS[*]}]=$SAML20POST
+ ACSLOC[${#ACSLOC[*]}]="simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
+ if [ $ARTIFACT -eq 1 ] ; then
+ ACS[${#ACS[*]}]=$SAML20ART
+ ACSLOC[${#ACSLOC[*]}]="simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
+ fi
fi
- ACS[${#ACS[*]}]=$SAML20PAOS
- ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
fi
if [ $SAML1 -eq 1 ] ; then
- ACS[${#ACS[*]}]=$SAML1POST
- ACSLOC[${#ACSLOC[*]}]="SAML/POST"
- if [ $ARTIFACT -eq 1 ] ; then
- ACS[${#ACS[*]}]=$SAML1ART
- ACSLOC[${#ACSLOC[*]}]="SAML/Artifact"
+ if [ $TYPE == "SHIB" ] ; then
+ ACS[${#ACS[*]}]=$SAML1POST
+ ACSLOC[${#ACSLOC[*]}]="Shibboleth.sso/SAML/POST"
+ if [ $ARTIFACT -eq 1 ] ; then
+ ACS[${#ACS[*]}]=$SAML1ART
+ ACSLOC[${#ACSLOC[*]}]="Shibboleth.sso/SAML/Artifact"
+ fi
+ elif [ $TYPE == "SSP" ] ; then
+ ACS[${#ACS[*]}]=$SAML1POST
+ ACSLOC[${#ACSLOC[*]}]="simplesaml/module.php/saml/sp/saml1-acs.php/default-sp"
+ if [ $ARTIFACT -eq 1 ] ; then
+ ACS[${#ACS[*]}]=$SAML1ART
+ ACSLOC[${#ACSLOC[*]}]="simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact"
+ fi
fi
fi
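Review bot: In the SSP branch the SAML 2.0 artifact `AssertionConsumerService` is given the same `saml2-acs.php/default-sp` location as the POST one, while the SAML 1 artifact entry gets a distinct `/artifact` suffix; if this asymmetry is intentional a comment like `# saml2-acs.php handles POST and Artifact on one URL` next to the artifact entry would document it, otherwise the location is wrong. The `default-sp` authsource name is hard-coded into every simpleSAMLphp path; since the script already takes `-T`, accepting the source name as an option (defaulting to `default-sp`) would make the SSP output usable beyond the stock configuration. The SSP branch also emits no ECP (PAOS) endpoint, which is presumably deliberate but undocumented.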
@@ -142,6 +198,9 @@ if [ $DECLS -eq 1 ] ; then
if [ $DS -eq 1 ] ; then
DECLS="${DECLS}xmlns:disco=\"urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol\" "
fi
+ if [ $MDUI -eq 1 ] ; then
+ DECLS="${DECLS}xmlns:mdui=\"urn:oasis:names:tc:SAML:metadata:ui\" "
+ fi
else
DECLS=""
fi
@@ -152,28 +211,52 @@ cat <<EOF
EOF
# Discovery BEGIN
-if [ $DS -eq 1 ] ; then
+if [ $DS -eq 1 -a $TYPE == "SHIB" -o $MDUI -eq 1 ] ; then
cat << EOF
<md:Extensions>
EOF
-count=1
-for h in ${HOSTS[@]}
-do
+if [ $MDUI -eq 1 ] ; then
cat << EOF
- <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
+ <mdui:UIInfo>
EOF
- let "count++"
-done
-for h in ${NAKEDHOSTS[@]}
-do
+ if [ -n "$DISPLAYNAME" ] ; then
+ cat << EOF
+ <mdui:DisplayName xml:lang="en">$DISPLAYNAME</mdui:DisplayName>
+EOF
+ fi
+
+ if [ -n "$DESC" ] ; then
+ cat << EOF
+ <mdui:Description xml:lang="en">$DESC</mdui:Description>
+EOF
+ fi
+
cat << EOF
- <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
+ </mdui:UIInfo>
EOF
- let "count++"
-done
+fi
+
+if [ $DS -eq 1 -a $TYPE == "SHIB" ] ; then
+ count=1
+ for h in ${HOSTS[@]}
+ do
+ cat << EOF
+ <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
+EOF
+ let "count++"
+ done
+
+ for h in ${NAKEDHOSTS[@]}
+ do
+ cat << EOF
+ <disco:DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
+EOF
+ let "count++"
+ done
+fi
cat << EOF
</md:Extensions>
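Review bot: `$DISPLAYNAME` and `$DESC` are interpolated into the `mdui:DisplayName` and `mdui:Description` elements without XML escaping, so a value such as `-y 'Research & Development'` or one containing `<` produces ill-formed metadata, and since these are operator-supplied strings that end up in SP metadata usually handed to a federation this is an injection point rather than a cosmetic bug. Add a small escaper and use it at both sites: `xml_escape() { printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'; }` and `<mdui:DisplayName xml:lang="en">$(xml_escape "$DISPLAYNAME")</mdui:DisplayName>`. The NAKEDHOSTS `disco:DiscoveryResponse` line carries an extra `xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"` attribute that the HTTPS variant lacks; the element is already prefixed, so the default-namespace declaration looks like a stray edit and should be dropped for consistency. The outer `[ $DS -eq 1 -a $TYPE == "SHIB" -o $MDUI -eq 1 ]` relies on `-a` binding tighter than `-o`, which `test` does not guarantee portably; `[[ ( $DS -eq 1 && $TYPE == SHIB ) || $MDUI -eq 1 ]]` states the intent explicitly.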
@@ -199,13 +282,6 @@ cat << EOF
EOF
done
-for f in ${FORMATS[@]}
-do
-cat << EOF
- <md:NameIDFormat>$f</md:NameIDFormat>
-EOF
-done
-
# Logout BEGIN
if [ $LOGOUT -eq 1 ] ; then
@@ -215,7 +291,7 @@ do
while [ $count -lt ${#SLO[*]} ]
do
cat <<EOF
- <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
+ <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/${SLOLOC[$count]}"/>
EOF
let "count++"
done
@@ -227,7 +303,7 @@ do
while [ $count -lt ${#SLO[*]} ]
do
cat <<EOF
- <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
+ <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/${SLOLOC[$count]}"/>
EOF
let "count++"
done
@@ -236,16 +312,16 @@ done
fi
# Logout END
-# NameID Mgmt BEGIN
-if [ $NAMEIDMGMT -eq 1 ] ; then
+# NameID Mgmt BEGIN
+if [ $NAMEIDMGMT -eq 1 -a $TYPE == "SHIB" ] ; then
for h in ${HOSTS[@]}
do
count=0
- while [ $count -lt ${#SLO[*]} ]
+ while [ $count -lt ${#NIM[*]} ]
do
cat <<EOF
- <md:ManageNameIDService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
+ <md:ManageNameIDService Binding="${NIM[$count]}" Location="https://$h/${NIMLOC[$count]}"/>
EOF
let "count++"
done
@@ -254,10 +330,10 @@ done
for h in ${NAKEDHOSTS[@]}
do
count=0
- while [ $count -lt ${#SLO[*]} ]
+ while [ $count -lt ${#NIM[*]} ]
do
cat <<EOF
- <md:ManageNameIDService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
+ <md:ManageNameIDService Binding="${NIM[$count]}" Location="http://$h/${NIMLOC[$count]}"/>
EOF
let "count++"
done
@@ -266,6 +342,13 @@ done
fi
# NameID Mgmt END
+for f in ${FORMATS[@]}
+do
+cat << EOF
+ <md:NameIDFormat>$f</md:NameIDFormat>
+EOF
+done
+
index=0
for h in ${HOSTS[@]}
do
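Review bot: The `md:NameIDFormat` loop was moved from before the logout block to after the NameID-management block without a comment saying why; presumably this is to satisfy the SPSSODescriptor element order (SingleLogoutService, ManageNameIDService, NameIDFormat, AssertionConsumerService), and a one-line comment `# NameIDFormat must follow ManageNameIDService and precede AssertionConsumerService in SPSSODescriptor` above the loop would make that explicit — please confirm against the schema. `${FORMATS[@]}` and `$f` are unquoted in the moved lines. The `for h in ${HOSTS[@]}` loop at the end of the hunk continues outside it.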
@@ -273,7 +356,7 @@ do
while [ $count -lt ${#ACS[*]} ]
do
cat <<EOF
- <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
+ <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/${ACSLOC[$count]}" index="$((index+1))"/>
EOF
let "count++"
let "index++"
@@ -286,7 +369,7 @@ do
while [ $count -lt ${#ACS[*]} ]
do
cat <<EOF
- <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
+ <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/${ACSLOC[$count]}" index="$((index+1))"/>
EOF
let "count++"
let "index++"
@@ -353,3 +436,4 @@ cat <<EOF
</md:EntityDescriptor>
EOF
+