# Script name without its directory; used as the prefix of usage and error messages.
PROG="$(basename "$0")"
7 echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
10 echo " $PROG urn:someservice https://sp.example.org/mellon"
14 if [ "$#" -lt 2 ]; then
20 if [ -z "$ENTITYID" ]; then
21 echo "$PROG: An entity ID is required." >&2
26 if [ -z "$BASEURL" ]; then
27 echo "$PROG: The URL to the MellonEndpointPath is required." >&2
31 if ! echo "$BASEURL" | grep -q '^https\?://'; then
32 echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
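# Host part of the endpoint URL: the text between "scheme://" and the next "/".
# If the URL carries no lowercase "scheme://" prefix, sed leaves it unchanged.
# printf is used instead of echo so that a value beginning with "-" or holding
# backslashes is passed through literally (echo's handling of those differs
# between shells).
HOST="$(printf '%s\n' "$BASEURL" | sed 's#^[a-z]*://\([^/]*\).*#\1#')"

# Drop one trailing "/" so the endpoint paths appended below are not doubled.
BASEURL="$(printf '%s\n' "$BASEURL" | sed 's#/$##')"

# File-name stem derived from the entity ID: every character other than an
# ASCII letter or "." becomes "_", and runs of "_" collapse to one. Both
# substitutions run in a single sed process. No "/" survives, so the stem can
# never escape the current directory.
OUTFILE="$(printf '%s\n' "$ENTITYID" | sed -e 's/[^A-Za-z.]/_/g' -e 's/__*/_/g')"

# NOTE(review): ENTITYID and BASEURL are later substituted verbatim into the
# metadata XML (entityID="..." and the service Location attributes) without
# XML escaping; a value containing '&', '<' or '"' yields a malformed document.
printf '%s\n' \
  "Private key: $OUTFILE.key" \
  "Certificate: $OUTFILE.cert" \
  "Metadata: $OUTFILE.xml"

printf '%s\n' \
  "SingleLogoutService: $BASEURL/logout" \
  "AssertionConsumerService: $BASEURL/postResponse"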
# No files should be readable by the rest of the world.
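# Temporary OpenSSL request configuration, created with an unpredictable name.
# If mktemp fails, TEMPLATEFILE would be empty and the later cat/openssl/grep
# steps would each fail in turn, so stop here with a clear diagnostic instead.
# (The exit status of an assignment is that of its command substitution.)
TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)" || {
  echo "$PROG: Could not create a temporary file." >&2
  exit 1
}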
56 cat >"$TEMPLATEFILE" <<EOF
57 RANDFILE = /dev/urandom
60 default_keyfile = privkey.pem
61 distinguished_name = req_distinguished_name
63 policy = policy_anything
64 [req_distinguished_name]
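# Generate an unencrypted private key and a self-signed certificate valid for
# 3652 days from the request configuration. OpenSSL's stderr is silenced, so
# its exit status is the only signal of failure; it is checked explicitly
# rather than relying on an errexit setting that may not be in force.
if ! openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes \
    -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null; then
  echo "$PROG: Failed to generate the private key and certificate." >&2
  rm -f -- "$TEMPLATEFILE"
  exit 1
fi

# Strip the PEM armour lines; the remaining base64 body is what is embedded in
# the <ds:X509Certificate> element of the metadata. An empty value would
# produce metadata with an empty certificate, so treat it as an error.
CERT="$(grep -v '^-----' "$OUTFILE.cert")"
if [ -z "$CERT" ]; then
  echo "$PROG: No certificate data found in $OUTFILE.cert." >&2
  exit 1
fi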
74 cat >"$OUTFILE.xml" <<EOF
75 <EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
76 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
77 <KeyDescriptor use="signing">
78 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
80 <ds:X509Certificate>$CERT</ds:X509Certificate>
84 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
85 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
# The metadata and the certificate are public documents: grant read access to
# group and others. Only these two files are touched; the private key is not.
chmod go+r "$OUTFILE.xml" "$OUTFILE.cert"